Internet Connection Problems


  • This topic is locked
26 replies to this topic

#1 TQUAD


Posted 21 February 2009 - 05:37 PM

Help needed,
The Internet Connect Box appears automatically every 2 minutes or so on my screen whether I'm actually connected to the internet or not. It interrupts any program I'm running until I click on cancel or connect. It previously appeared only when I selected my internet browser or email provider. It continuously appears no matter what I click on. I have tried System Restore to a date when I did not have the problem but it still appears. I hope someone can help me. I've included both DDS files. I hope they are in the correct place although I'm not sure. I have my Microsoft Firewall turned on as I always have. I have not performed a Kaspersky scan.
TQUAD.

DDS (Ver_09-02-01.01) - NTFSx86
Run by TOM at 16:13:50.85 on Sat 02/21/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.218 [GMT -6:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\NETGEAR\WPNT121\WPNT121.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\My Documents\Compsound3\dds(4).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpnt121\WPNT121.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189269032250
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193272300734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {89BABCDF-1944-4C3E-B8CC-698E445BAFF3} = 207.250.248.10 207.250.248.9
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\tquad@milwpc.com\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll

============= SERVICES / DRIVERS ===============

R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-1-17 26376]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-1-17 21128]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-1-17 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-1-17 21512]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-1-17 32264]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-1-17 144960]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-1-17 242952]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-1-17 108368]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Airgo3U;NETGEAR RangeMax™ 240 Wireless USB 2.0 Adapter WPNT121;c:\windows\system32\drivers\TMIMO31U.sys [2006-3-6 722432]

=============== Created Last 30 ================

2009-02-21 00:16 <DIR> --d----- c:\windows\CAVTemp

==================== Find3M ====================

2009-02-21 15:31 7,304 a------- c:\windows\TMP0001.TMP
2009-02-21 15:29 3,578 a------- c:\program files\i_view32.ini
2009-01-17 16:49 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-01-17 16:49 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2008-12-05 20:35 233,494 a------- c:\program files\i_view32.chm
2008-12-05 20:35 67,852 a------- c:\program files\i_changes.txt
2008-12-05 20:35 29,184 a------- c:\program files\iv_uninstall.exe
2008-12-05 20:35 14,047 a------- c:\program files\i_options.txt
2008-12-05 20:35 11,945 a------- c:\program files\i_plugins.txt
2008-12-05 20:35 2,351 a------- c:\program files\i_about.txt
2008-12-05 20:35 765 a------- c:\program files\i_languages.txt
2008-12-05 20:35 470,016 a------- c:\program files\i_view32.exe
2008-07-25 11:35 31,430 a---h--- c:\program files\i_view32.GID
2007-10-24 16:23 206,436 a------- c:\program files\i_view32.hlp
2007-10-24 16:23 5,811 a------- c:\program files\i_view32.cnt
2007-10-24 16:23 661 a------- c:\program files\i_view32.exe.manifest
2008-11-14 01:33 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-11-14 01:33 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 16:14:25.78 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/8/2007 11:11:46 AM
System Uptime: 2/21/2009 3:31:03 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | A8V-VM SE
Processor: AMD Athlon™ 64 Processor 3500+ | CPU 1 | 2194/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 97.665 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 10.443 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 357.851 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Realtek High Definition Audio
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0861&SUBSYS_1043C601&REV_1003\5&1C6A08EA&0&0001
Manufacturer: Realtek
Name: Realtek High Definition Audio
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0861&SUBSYS_1043C601&REV_1003\5&1C6A08EA&0&0001
Service: IntcAzAudAddService

==== System Restore Points ===================

RP464: 11/24/2008 3:06:25 AM - System Checkpoint
RP465: 11/25/2008 4:40:41 AM - System Checkpoint
RP466: 11/26/2008 5:18:11 AM - System Checkpoint
RP467: 11/27/2008 6:02:04 AM - System Checkpoint
RP468: 11/28/2008 6:15:39 AM - System Checkpoint
RP469: 11/29/2008 7:10:13 AM - System Checkpoint
RP470: 11/30/2008 7:25:23 AM - System Checkpoint
RP471: 12/1/2008 7:56:02 AM - System Checkpoint
RP472: 12/2/2008 8:49:02 AM - System Checkpoint
RP473: 12/3/2008 9:02:58 AM - System Checkpoint
RP474: 12/4/2008 9:05:06 AM - System Checkpoint
RP475: 12/5/2008 9:36:34 AM - System Checkpoint
RP476: 12/6/2008 10:01:46 AM - System Checkpoint
RP477: 12/7/2008 11:02:52 AM - System Checkpoint
RP478: 12/8/2008 11:10:31 AM - System Checkpoint
RP479: 12/9/2008 12:04:30 PM - System Checkpoint
RP480: 12/10/2008 1:01:47 PM - System Checkpoint
RP481: 12/11/2008 2:01:46 PM - System Checkpoint
RP482: 12/12/2008 3:01:45 PM - System Checkpoint
RP483: 12/13/2008 4:01:45 PM - System Checkpoint
RP484: 12/14/2008 5:01:45 PM - System Checkpoint
RP485: 12/15/2008 6:11:51 PM - System Checkpoint
RP486: 12/16/2008 6:31:20 PM - System Checkpoint
RP487: 12/17/2008 7:01:44 PM - System Checkpoint
RP488: 12/18/2008 7:52:43 PM - System Checkpoint
RP489: 12/19/2008 8:45:45 PM - System Checkpoint
RP490: 12/20/2008 10:48:53 PM - System Checkpoint
RP491: 12/21/2008 10:51:44 PM - System Checkpoint
RP492: 12/23/2008 12:35:52 AM - System Checkpoint
RP493: 12/24/2008 1:31:21 AM - System Checkpoint
RP494: 12/25/2008 2:31:22 AM - System Checkpoint
RP495: 12/26/2008 3:31:23 AM - System Checkpoint
RP496: 12/27/2008 4:31:25 AM - System Checkpoint
RP497: 12/28/2008 5:40:37 AM - System Checkpoint
RP498: 12/29/2008 6:31:23 AM - System Checkpoint
RP499: 12/30/2008 7:31:22 AM - System Checkpoint
RP500: 12/31/2008 8:31:21 AM - System Checkpoint
RP501: 1/1/2009 9:32:27 AM - System Checkpoint
RP502: 1/2/2009 10:43:21 AM - System Checkpoint
RP503: 1/3/2009 11:31:20 AM - System Checkpoint
RP504: 1/4/2009 12:43:22 PM - System Checkpoint
RP505: 1/5/2009 1:54:36 PM - System Checkpoint
RP506: 1/6/2009 1:56:45 PM - System Checkpoint
RP507: 1/7/2009 8:37:12 PM - Restore Operation
RP508: 1/7/2009 9:11:56 PM - Restore Operation
RP509: 1/7/2009 9:16:07 PM - Restore Operation
RP510: 1/7/2009 9:24:49 PM - Restore Operation
RP511: 1/7/2009 9:40:53 PM - Restore Operation
RP512: 1/8/2009 9:44:16 PM - System Checkpoint
RP513: 1/9/2009 9:56:36 PM - System Checkpoint
RP514: 1/10/2009 11:12:39 PM - System Checkpoint
RP515: 1/12/2009 1:43:49 AM - System Checkpoint
RP516: 1/13/2009 1:56:35 AM - System Checkpoint
RP517: 1/14/2009 3:03:42 AM - System Checkpoint
RP518: 1/15/2009 3:57:36 AM - System Checkpoint
RP519: 1/16/2009 4:21:55 AM - System Checkpoint
RP520: 1/17/2009 4:58:16 AM - System Checkpoint
RP521: 1/17/2009 2:02:25 PM - Removed Ad-Aware 2007
RP522: 1/17/2009 2:03:42 PM - Removed AVG 7.5
RP523: 1/17/2009 2:05:03 PM - Installed AVG 7.5
RP524: 1/17/2009 2:05:31 PM - Avira AntiVir Personal - 1/17/2009 14:05
RP525: 1/18/2009 4:56:27 PM - System Checkpoint
RP526: 1/19/2009 5:16:53 PM - System Checkpoint
RP527: 1/20/2009 6:40:16 PM - System Checkpoint
RP528: 1/21/2009 6:56:32 PM - System Checkpoint
RP529: 1/22/2009 8:40:55 PM - System Checkpoint
RP530: 1/23/2009 9:12:21 PM - System Checkpoint
RP531: 1/24/2009 9:56:33 PM - System Checkpoint
RP532: 1/25/2009 10:01:49 PM - System Checkpoint
RP533: 1/26/2009 11:15:06 PM - System Checkpoint
RP534: 1/27/2009 11:55:28 PM - System Checkpoint
RP535: 1/28/2009 11:56:35 PM - System Checkpoint
RP536: 1/30/2009 12:53:31 AM - System Checkpoint
RP537: 1/31/2009 4:34:56 AM - System Checkpoint
RP538: 2/1/2009 4:55:30 AM - System Checkpoint
RP539: 2/2/2009 5:55:30 AM - System Checkpoint
RP540: 2/3/2009 6:55:27 AM - System Checkpoint
RP541: 2/4/2009 7:55:27 AM - System Checkpoint
RP542: 2/5/2009 8:55:27 AM - System Checkpoint
RP543: 2/6/2009 9:51:08 AM - System Checkpoint
RP544: 2/6/2009 6:14:50 PM - Restore Operation
RP545: 2/7/2009 6:29:07 PM - System Checkpoint
RP546: 2/8/2009 6:47:27 PM - System Checkpoint
RP547: 2/9/2009 6:52:31 PM - System Checkpoint
RP548: 2/10/2009 8:21:46 PM - System Checkpoint
RP549: 2/11/2009 9:31:16 PM - System Checkpoint
RP550: 2/12/2009 9:45:55 PM - System Checkpoint
RP551: 2/13/2009 10:29:07 PM - System Checkpoint
RP552: 2/14/2009 10:45:53 PM - System Checkpoint
RP553: 2/15/2009 11:45:54 PM - System Checkpoint
RP554: 2/17/2009 1:01:11 AM - System Checkpoint
RP555: 2/18/2009 2:22:42 AM - System Checkpoint
RP556: 2/19/2009 2:58:48 AM - System Checkpoint
RP557: 2/20/2009 3:02:30 AM - System Checkpoint
RP558: 2/20/2009 2:52:27 PM - Restore Operation
RP559: 2/20/2009 3:06:45 PM - Restore Operation

==== Installed Programs ======================

Adobe Audition 1.5
Adobe Reader 8.1.1
AI RoboForm (All Users)
Athlon 64 Processor Driver
Audacity 1.2.3
Belarc Advisor 7.2
CA Anti-Spam
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CCleaner (remove only)
CDDRV_Installer
Diskeeper Professional Premier Edition
Express Burn
High Definition Audio Driver Package - KB888111
HijackThis 2.0.0
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
IrfanView (remove only)
Java™ 6 Update 3
Kensington MouseWorks
KhalInstallWrapper
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NaTCH SigJenny v0.989
Nero 7 Ultra Edition
neroxml
NETGEAR RangeMax™ 240 Wireless USB 2.0 Adapter WPNT121
NVIDIA Drivers
PCI SoftV92 Modem
Platform
Quartz Studio Eval
Realtek High Definition Audio Driver
SC Audio DJ Mixer 2.4.0.0
Seagate DiscWizard
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
SimSynth™ 2.x DEMO
SIW version 1.73
System Requirements Lab
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
VC 9.0 Runtime
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
Xtreme Sound PCI

==== Event Viewer Messages From Past Week ========

2/18/2009 4:44:56 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows nt\dialer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.

==== End Of File ===========================

Edited by Orange Blossom, 21 February 2009 - 08:56 PM.
fix code tags ~ OB




#2 KoanYorel


Posted 04 March 2009 - 03:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 TQUAD


Posted 05 March 2009 - 12:16 AM


Bleeping Computer,
Following the instructions of my last post I have done nothing to my computer. Therefore my problem still persists. Every two minutes or less the 'Connect to Internet' box appears on my screen regardless of whether I am online or not. If I click 'Cancel' or 'Connect' the box still reappears shortly after. Before this problem, the box only appeared once when I selected either my email provider or my internet browser. Each time it appears now it interrupts any program I am running. This is obviously very irritating. My system uses CA Anti Virus and Anti Spyware. I have even tried 'System Restore' to a date when I did not have the problem. Needless to say, that did not work either. I hope someone can tell me what is wrong. I have included the new DDS logs per the instructions. My apologies but my Winzip does not seem to be working or I am not using it correctly. I hope they are in the correct order.
TQUAD.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/8/2007 11:11:46 AM
System Uptime: 2/21/2009 3:31:02 PM (271 hours ago)

Motherboard: ASUSTeK Computer INC. | | A8V-VM SE
Processor: AMD Athlon™ 64 Processor 3500+ | CPU 1 | 2194/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 122.749 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 10.443 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 359.645 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Realtek High Definition Audio
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0861&SUBSYS_1043C601&REV_1003\5&1C6A08EA&0&0001
Manufacturer: Realtek
Name: Realtek High Definition Audio
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0861&SUBSYS_1043C601&REV_1003\5&1C6A08EA&0&0001
Service: IntcAzAudAddService

==== System Restore Points ===================

RP475: 12/5/2008 9:36:34 AM - System Checkpoint
RP476: 12/6/2008 10:01:46 AM - System Checkpoint
RP477: 12/7/2008 11:02:52 AM - System Checkpoint
RP478: 12/8/2008 11:10:31 AM - System Checkpoint
RP479: 12/9/2008 12:04:30 PM - System Checkpoint
RP480: 12/10/2008 1:01:47 PM - System Checkpoint
RP481: 12/11/2008 2:01:46 PM - System Checkpoint
RP482: 12/12/2008 3:01:45 PM - System Checkpoint
RP483: 12/13/2008 4:01:45 PM - System Checkpoint
RP484: 12/14/2008 5:01:45 PM - System Checkpoint
RP485: 12/15/2008 6:11:51 PM - System Checkpoint
RP486: 12/16/2008 6:31:20 PM - System Checkpoint
RP487: 12/17/2008 7:01:44 PM - System Checkpoint
RP488: 12/18/2008 7:52:43 PM - System Checkpoint
RP489: 12/19/2008 8:45:45 PM - System Checkpoint
RP490: 12/20/2008 10:48:53 PM - System Checkpoint
RP491: 12/21/2008 10:51:44 PM - System Checkpoint
RP492: 12/23/2008 12:35:52 AM - System Checkpoint
RP493: 12/24/2008 1:31:21 AM - System Checkpoint
RP494: 12/25/2008 2:31:22 AM - System Checkpoint
RP495: 12/26/2008 3:31:23 AM - System Checkpoint
RP496: 12/27/2008 4:31:25 AM - System Checkpoint
RP497: 12/28/2008 5:40:37 AM - System Checkpoint
RP498: 12/29/2008 6:31:23 AM - System Checkpoint
RP499: 12/30/2008 7:31:22 AM - System Checkpoint
RP500: 12/31/2008 8:31:21 AM - System Checkpoint
RP501: 1/1/2009 9:32:27 AM - System Checkpoint
RP502: 1/2/2009 10:43:21 AM - System Checkpoint
RP503: 1/3/2009 11:31:20 AM - System Checkpoint
RP504: 1/4/2009 12:43:22 PM - System Checkpoint
RP505: 1/5/2009 1:54:36 PM - System Checkpoint
RP506: 1/6/2009 1:56:45 PM - System Checkpoint
RP507: 1/7/2009 8:37:12 PM - Restore Operation
RP508: 1/7/2009 9:11:56 PM - Restore Operation
RP509: 1/7/2009 9:16:07 PM - Restore Operation
RP510: 1/7/2009 9:24:49 PM - Restore Operation
RP511: 1/7/2009 9:40:53 PM - Restore Operation
RP512: 1/8/2009 9:44:16 PM - System Checkpoint
RP513: 1/9/2009 9:56:36 PM - System Checkpoint
RP514: 1/10/2009 11:12:39 PM - System Checkpoint
RP515: 1/12/2009 1:43:49 AM - System Checkpoint
RP516: 1/13/2009 1:56:35 AM - System Checkpoint
RP517: 1/14/2009 3:03:42 AM - System Checkpoint
RP518: 1/15/2009 3:57:36 AM - System Checkpoint
RP519: 1/16/2009 4:21:55 AM - System Checkpoint
RP520: 1/17/2009 4:58:16 AM - System Checkpoint
RP521: 1/17/2009 2:02:25 PM - Removed Ad-Aware 2007
RP522: 1/17/2009 2:03:42 PM - Removed AVG 7.5
RP523: 1/17/2009 2:05:03 PM - Installed AVG 7.5
RP524: 1/17/2009 2:05:31 PM - Avira AntiVir Personal - 1/17/2009 14:05
RP525: 1/18/2009 4:56:27 PM - System Checkpoint
RP526: 1/19/2009 5:16:53 PM - System Checkpoint
RP527: 1/20/2009 6:40:16 PM - System Checkpoint
RP528: 1/21/2009 6:56:32 PM - System Checkpoint
RP529: 1/22/2009 8:40:55 PM - System Checkpoint
RP530: 1/23/2009 9:12:21 PM - System Checkpoint
RP531: 1/24/2009 9:56:33 PM - System Checkpoint
RP532: 1/25/2009 10:01:49 PM - System Checkpoint
RP533: 1/26/2009 11:15:06 PM - System Checkpoint
RP534: 1/27/2009 11:55:28 PM - System Checkpoint
RP535: 1/28/2009 11:56:35 PM - System Checkpoint
RP536: 1/30/2009 12:53:31 AM - System Checkpoint
RP537: 1/31/2009 4:34:56 AM - System Checkpoint
RP538: 2/1/2009 4:55:30 AM - System Checkpoint
RP539: 2/2/2009 5:55:30 AM - System Checkpoint
RP540: 2/3/2009 6:55:27 AM - System Checkpoint
RP541: 2/4/2009 7:55:27 AM - System Checkpoint
RP542: 2/5/2009 8:55:27 AM - System Checkpoint
RP543: 2/6/2009 9:51:08 AM - System Checkpoint
RP544: 2/6/2009 6:14:50 PM - Restore Operation
RP545: 2/7/2009 6:29:07 PM - System Checkpoint
RP546: 2/8/2009 6:47:27 PM - System Checkpoint
RP547: 2/9/2009 6:52:31 PM - System Checkpoint
RP548: 2/10/2009 8:21:46 PM - System Checkpoint
RP549: 2/11/2009 9:31:16 PM - System Checkpoint
RP550: 2/12/2009 9:45:55 PM - System Checkpoint
RP551: 2/13/2009 10:29:07 PM - System Checkpoint
RP552: 2/14/2009 10:45:53 PM - System Checkpoint
RP553: 2/15/2009 11:45:54 PM - System Checkpoint
RP554: 2/17/2009 1:01:11 AM - System Checkpoint
RP555: 2/18/2009 2:22:42 AM - System Checkpoint
RP556: 2/19/2009 2:58:48 AM - System Checkpoint
RP557: 2/20/2009 3:02:30 AM - System Checkpoint
RP558: 2/20/2009 2:52:27 PM - Restore Operation
RP559: 2/20/2009 3:06:45 PM - Restore Operation
RP560: 2/21/2009 5:49:34 PM - System Checkpoint
RP561: 2/22/2009 6:11:17 PM - System Checkpoint
RP562: 2/23/2009 6:47:46 PM - System Checkpoint
RP563: 2/24/2009 10:48:43 PM - System Checkpoint
RP564: 2/25/2009 11:46:40 PM - System Checkpoint
RP565: 2/27/2009 12:46:41 AM - System Checkpoint
RP566: 2/28/2009 2:56:11 AM - System Checkpoint
RP567: 3/1/2009 3:53:17 AM - System Checkpoint
RP568: 3/2/2009 3:54:23 AM - System Checkpoint
RP569: 3/3/2009 4:23:42 AM - System Checkpoint
RP570: 3/4/2009 4:58:05 AM - System Checkpoint

==== Installed Programs ======================

Adobe Audition 1.5
Adobe Reader 8.1.1
Athlon 64 Processor Driver
Audacity 1.2.3
Belarc Advisor 7.2
CA Anti-Spam
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CCleaner (remove only)
CDDRV_Installer
Diskeeper Professional Premier Edition
Express Burn
High Definition Audio Driver Package - KB888111
HijackThis 2.0.0
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
IrfanView (remove only)
Java™ 6 Update 3
Kensington MouseWorks
KhalInstallWrapper
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NaTCH SigJenny v0.989
Nero 7 Ultra Edition
neroxml
NETGEAR RangeMax™ 240 Wireless USB 2.0 Adapter WPNT121
NVIDIA Drivers
PCI SoftV92 Modem
Platform
Quartz Studio Eval
Realtek High Definition Audio Driver
Seagate DiscWizard
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
SimSynth™ 2.x DEMO
SIW version 1.73
Spybot - Search & Destroy
System Requirements Lab
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
VC 9.0 Runtime
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
Xtreme Sound PCI

==== Event Viewer Messages From Past Week ========

3/3/2009 11:06:42 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
3/3/2009 11:06:42 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
3/3/2009 11:06:42 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\TOM\LOCALS~1\Temp\mia1\InstallerExtensions.dll. Reference error message: The operation completed successfully. .

==== End Of File ===========================


DDS (Ver_09-02-01.01) - NTFSx86
Run by TOM at 22:44:22.01 on Wed 03/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.26 [GMT -6:00]

AV: CA Anti-Virus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\NETGEAR\WPNT121\WPNT121.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\My Documents\Compsound3\dds(5).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpnt121\WPNT121.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189269032250
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193272300734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {89BABCDF-1944-4C3E-B8CC-698E445BAFF3} = 207.250.248.10 207.250.248.9
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom\applic~1\mozilla\firefox\profiles\tquad@milwpc.com\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-03 23:40 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-03 23:07 <DIR> -cd----- c:\docume~1\alluse~1.win\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-03 03:20 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\CA-SupportBridge
2009-02-21 00:16 <DIR> --d----- c:\windows\CAVTemp

==================== Find3M ====================

2009-03-04 22:25 3,591 a------- c:\program files\i_view32.ini
2009-02-21 15:31 7,304 a------- c:\windows\TMP0001.TMP
2009-01-17 16:49 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-01-17 16:49 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2008-12-05 20:35 233,494 a------- c:\program files\i_view32.chm
2008-12-05 20:35 67,852 a------- c:\program files\i_changes.txt
2008-12-05 20:35 29,184 a------- c:\program files\iv_uninstall.exe
2008-12-05 20:35 14,047 a------- c:\program files\i_options.txt
2008-12-05 20:35 11,945 a------- c:\program files\i_plugins.txt
2008-12-05 20:35 2,351 a------- c:\program files\i_about.txt
2008-12-05 20:35 765 a------- c:\program files\i_languages.txt
2008-12-05 20:35 470,016 a------- c:\program files\i_view32.exe
2008-07-25 11:35 31,430 a---h--- c:\program files\i_view32.GID
2007-10-24 16:23 206,436 a------- c:\program files\i_view32.hlp
2007-10-24 16:23 5,811 a------- c:\program files\i_view32.cnt
2007-10-24 16:23 661 a------- c:\program files\i_view32.exe.manifest

============= FINISH: 22:45:19.60 ===============

Edited by TQUAD, 05 March 2009 - 12:27 AM.


#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:04:11 AM

Posted 06 March 2009 - 07:12 PM

Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Now onto trying to fix your computer.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


Also can you tell me what kind of internet connection you have?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 TQUAD

TQUAD
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  • Gender:Male
  • Location:milwaukee pc. Milwaukee Wisconsin.
  • Local time:03:11 AM

Posted 07 March 2009 - 04:41 PM


Bleeping Computer,
Hoov,
Thank you for responding. So far, I have only removed the program 'Roboform' because I discovered it is not compatible with the version of Mozilla Firefox that I am using.
I have not done anything to my registry, per the first instructions from Bleeping Computer staff after running DDS and posting the log and text files. Next, I successfully downloaded and ran 'Malwarebytes Anti-Malware'. I removed the indicated item and exited. Enclosed is the log file.

Malwarebytes' Anti-Malware 1.34
Database version: 1826
Windows 5.1.2600 Service Pack 2

3/7/2009 3:19:09 PM
mbam-log-2009-03-07 (15-19-09).txt

Scan type: Quick Scan
Objects scanned: 74002
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I am looking forward to any advice you have that will help me clean up my computer.
Again, thank you for responding.
TQUAD

Edited by TQUAD, 07 March 2009 - 04:45 PM.


#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:04:11 AM

Posted 07 March 2009 - 05:10 PM

You did forget to answer one question though, what kind of internet connection are you using?

Also run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

And can you tell me, is your computer doing anything else out of the ordinary?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#7 TQUAD

TQUAD
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  • Gender:Male
  • Location:milwaukee pc. Milwaukee Wisconsin.
  • Local time:03:11 AM

Posted 08 March 2009 - 06:07 AM


Bleeping Computer,
Hoov,
I am afraid something went wrong when I used 'Combofix'. Most likely it's my fault. My copy of CA had not updated since the original install according to the program log and a new version would not download. As a result I removed CA and installed AVG Free and ZoneAlarm. I know I followed the directions correctly but several things happened after the computer restarted from 'Combofix'. Both new programs were removed from my systray. I had to recheck their boxes in the 'Startup' menu and reboot to get them back. All of my Quick-Launch programs were deleted and I could not get back online after running the program. All I would get is a blank web page no matter what the destination. After several reboots I can obviously get online again but not if I have just run 'Combofix'. My original 'Problem' has been fixed. I hope this is the correct log for 'Combofix'. I am connecting to the internet at good old dial up speed, allegedly 56k. I primarily use Mozilla Firefox as my browser. My pc is doing a few things unusual. I now have to 'refresh' most web pages otherwise all I get is a 'timed-out' notice, even for Bleeping Computer.com. I also have to select which Windows XP I wish to install when I reboot, XP Pro or from the new 'Reference point'.
I would appreciate any further suggestions if you see anything else that shouldn't be there.
Thanks for all the help.
TQUAD


ComboFix 09-03-06.02 - TOM 2009-03-07 19:02:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.197 [GMT -6:00]
Running from: c:\my documents\Compsound3\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
.

2009-03-07 15:02 . 2009-03-07 15:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-07 15:02 . 2009-03-07 15:02 <DIR> d-------- c:\documents and settings\TOM\Application Data\Malwarebytes
2009-03-07 15:02 . 2009-03-07 15:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-03-07 15:02 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-07 15:02 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-07 12:01 . 2009-03-07 12:01 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-07 09:01 . 2009-03-07 09:45 1,355 --a------ c:\windows\imsins.BAK
2009-03-06 14:49 . 2009-03-06 14:50 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-03-06 14:49 . 2009-03-06 14:49 <DIR> d-------- c:\program files\Zone Labs
2009-03-06 14:49 . 2008-08-21 20:41 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-03-06 14:49 . 2009-03-07 19:06 348,371 --a------ c:\windows\system32\vsconfig.xml
2009-03-06 14:46 . 2009-03-06 14:46 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-06 14:46 . 2009-03-06 14:46 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-06 14:45 . 2009-03-06 19:39 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-06 14:45 . 2009-03-06 14:57 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-06 14:45 . 2009-03-06 14:45 <DIR> d-------- c:\program files\AVG
2009-03-06 14:45 . 2009-03-06 14:45 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-03-06 14:45 . 2009-03-06 14:45 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-03 23:40 . 2009-03-03 23:41 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-03 23:07 . 2009-03-03 23:07 <DIR> d----c--- c:\documents and settings\All Users.WINDOWS\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-03 03:20 . 2009-03-03 03:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\CA-SupportBridge
2009-02-21 00:16 . 2009-03-06 13:26 <DIR> d-------- c:\windows\CAVTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 01:05 7,304 ----a-w c:\windows\TMP0001.TMP
2009-03-07 23:51 3,590 ----a-w c:\program files\i_view32.ini
2009-03-05 06:07 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-03-03 05:05 --------- d-----w c:\program files\Siber Systems
2009-03-02 19:00 --------- d-----w c:\program files\HiJack This
2008-12-18 21:57 11,569,556 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2008-12-06 02:35 765 ----a-w c:\program files\i_languages.txt
2008-12-06 02:35 67,852 ----a-w c:\program files\i_changes.txt
2008-12-06 02:35 470,016 ----a-w c:\program files\i_view32.exe
2008-12-06 02:35 29,184 ----a-w c:\program files\iv_uninstall.exe
2008-12-06 02:35 233,494 ----a-w c:\program files\i_view32.chm
2008-12-06 02:35 2,351 ----a-w c:\program files\i_about.txt
2008-12-06 02:35 14,047 ----a-w c:\program files\i_options.txt
2008-12-06 02:35 11,945 ----a-w c:\program files\i_plugins.txt
2008-07-25 17:35 31,430 ---ha-w c:\program files\i_view32.GID
2007-10-24 22:23 661 ----a-w c:\program files\i_view32.exe.manifest
2007-10-24 22:23 5,811 ----a-w c:\program files\i_view32.cnt
2007-10-24 22:23 206,436 ----a-w c:\program files\i_view32.hlp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-08-08 148760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-06 1932568]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 c:\windows\system32\kmw_run.exe]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-06-24 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-06 14:46 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NETGEAR WPNT121 Smart Wizard.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WPNT121 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPNT121 Smart Wizard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-08-08 20:00 1945424 c:\program files\Seagate\DiscWizard\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 20:03 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 19:07 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
--a------ 2007-08-08 19:47 1169456 c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2006-06-07 13:35 319488 c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 10:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-29 01:43 8466432 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-29 01:43 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 03:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-02 10:00 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 16:32 56080 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-04-11 16:32 56080 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-29 01:43 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-09-11 11:58 16264192 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-15 13:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Kensington\\MouseWorks\\k_update.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-06 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-06 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-06 298264]
S3 Airgo3U;NETGEAR RangeMax™ 240 Wireless USB 2.0 Adapter WPNT121;c:\windows\system32\drivers\TMIMO31U.sys [2006-03-06 722432]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CmPCIaudio - CMICNFG3.CPL
MSConfigStartUp-CAVRID - c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
MSConfigStartUp-cctray - c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe
MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {89BABCDF-1944-4C3E-B8CC-698E445BAFF3} = 207.250.248.10 207.250.248.9
FF - ProfilePath - c:\documents and settings\TOM\Application Data\Mozilla\Firefox\Profiles\TQUAD@milwpc.com\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 19:06:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-583907252-839522115-1003\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1606980848-583907252-839522115-1003\Data\220d5cd0-853a-11d0-84bc-00c04fd43f8f\220d5cd1-853a-11d0-84bc-00c04fd43f8f\01c2e37c91245396*L*XL*XL*h]
"Behavior"=hex:02,00,00,00,02,00,00,00,10,00,00,00,57,00,69,00,6e,00,64,00,6f,
00,77,00,73,00,00,00,14,00,00,00,b0,40,fa,a3,45,82,a1,a4,b5,5f,b1,93,82,ed,\
"Item Data"=hex:02,00,00,00,18,00,00,00,d3,bc,16,20,b7,5c,6a,01,14,ea,41,10,7d,
6b,43,31,34,51,c9,8b,42,95,21,57,30,00,00,00,0f,2c,f9,37,f6,b5,3e,b1,72,36,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\kmw_show.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-03-07 19:09:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-08 01:09:31

Pre-Run: 130,292,617,216 bytes free
Post-Run: 130,202,091,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

193 --- E O F --- 2009-03-07 15:45:18

Edited by TQUAD, 08 March 2009 - 06:14 AM.


#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:04:11 AM

Posted 08 March 2009 - 10:29 AM

That is the right log, and sometimes combofix does affect systems in unforeseen ways. About your dialup connection, I understand. I live in the middle of nowhere myself, but luckily a wireless company came into my area a year ago.

From what you wrote it sounds as if all the problems that combofix caused are resolved, and that your original problem is also resolved. Is there any other problem that needs to be resolved?

There are two other problems I see.

Also, uninstall Adobe Acrobat 8 and install Version 9.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6.0.
Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 12".
Click the "Download" button to the right.
UNCHECK the option to install Google Toolbar if you don't want it.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
Note: By default a box may be checked to install a toolbar - if you do not want to install it, then be sure to opt-out by unchecking that box.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#9 TQUAD

Posted 08 March 2009 - 07:40 PM


Bleeping Computer,
Hoov,
I followed the directions and downloaded Adobe Reader first and then Java 6 next. I then went to 'Add and Remove' and removed both the old versions. I was surprised to notice that my old versions were 128+mb and 111mb respectively, yet the new versions were only 35.5mb and 15.5mb approximately. Is there any reason for the very large difference? Should I also have downloaded and installed the 64 exe version of Java? Last I rebooted and installed the new versions. I received an 'Error' message from the Java install but it appears to be working. Any concern? How could I tell if the Java 6 install was corrupt?
Unfortunately I am still having huge problems going online. Just getting to my email and replying to this took over 3 hours. Most of the time when I attempt to go online all I get is a big blank white screen where a web page should be. Clicking the 'Refresh' arrow accomplishes nothing. Changing from Mozilla Firefox to IE does nothing as well. The 'Address' for any given site is usually correct, such as 'http://www.bleepingcomputer.com/forums/index.php?' etc. I've checked my protocol settings, my phone numbers, my user name and password, my security and privacy settings, the connections, the advanced settings, all the individual settings for each specific browser and even the spelling. They are all the same as they are right now when I do actually get online. The only way I'm succeeding now is to reboot, usually 3 or 4 times. In addition, when I reboot, I now have to choose which version of Windows I want. One is Windows XP Pro and the other is Windows Recovery Console. When you select Recovery Console, I personally find it to be extremely confusing as to what exactly it is doing. Eventually you must type 'EXIT' to continue with the reboot. I'm not certain which version re-instated internet access or if it will even work the next time I go online. All I can tell you is it is extremely frustrating to continuously land on blank pages. Do you have any way of checking my pc? Would another posting of my 'HJT' log be of any help? I apologize for asking you to examine them again but my computer is one of my few sources of entertainment. I'm a quadriplegic stuck in a 'Retirement' facility and use it quite a lot.
Being unable to access the internet would drive me crazy. I'm looking forward to seeing your suggestions. Thank you again for the time and effort you have given me. Sorry about the 'font' selection. Ooops.
Sincerely Yours,
Thomas. E. Luell
TQUAD

Edited by TQUAD, 08 March 2009 - 07:46 PM.


#10 Hoov

Posted 08 March 2009 - 08:22 PM

Do you remember when this first started, or about when it got bad?

#11 TQUAD

Posted 08 March 2009 - 09:33 PM


Bleeping Computer,
Hoov,
Yes, the problem started immediately after I ran the DDS analyzer program and rebooted. At first I thought it was just a temporary effect as you indicated might happen. Sadly, this problem has not gone away. I haven't even gone off line since my last reply for fear I won't be able to get back on. I even checked with Milwaukee PC, my ISP. They say my internet connection is fine and therefore it is either Yahoo.com or my computer. I did not tell them it happens no matter what web site I tried to go to. Any ideas?
Sincerely yours,
TQUAD/Tom

#12 Hoov

Posted 08 March 2009 - 10:56 PM

Do system restore to just before you had this problem. Go to the start button, all programs, accessories, system tools, system restore. Select restore to an earlier time, then click next, and then select the day and time to restore the computer to, then hit next. The computer will do the rest. Once it's done (after the reboot) let me know the situation.

#13 TQUAD

Posted 08 March 2009 - 11:10 PM


Bleeping Computer,
Hoov,
I'll give it a try, but remember, it failed to eliminate my previous problem. To make matters worse I'm not really sure what day I first ran DDS. I will hopefully be back in a few minutes. If not, then the problem didn't go away and it will take me a while.
Thanks Again,
TQUAD/Tom

#14 TQUAD

Posted 08 March 2009 - 11:53 PM


Bleeping Computer,
Hoov,
Well I'm back, but not with any good news. I tried three, [3], different 'Restore' dates. I found the original text log from DDS and it was dated 2-21-09. I attempted to 'Restore' the computer to 2-19-09, 2-17-09 and finally 2-13-09. All three said 'there has been no change to your computer'. I'm presuming that the 'Restore' feature is not working for some as of yet unknown reason. As I mentioned, it would not 'Restore' and correct the previous problem. Coincidentally, while I was typing this that damned 'Connect To Internet' box appeared twice. [Just great]. At this point I would look at my HJT logs, but unfortunately, there are way too many entries that I simply do not comprehend. I used to keep a copy of one of my HJT logs from a time where I knew the computer was operating acceptably. That way I could compare it to a new HJT log when the pc began giving me problems. Then I could see what might have changed and correct it. I'm also not pleased with that box reappearing the way it did. I was really hoping that problem was eliminated. I am also very unhappy that the 'System Restore' feature on my computer no longer is working. Why???
Any ideas on what to do next? Any suggestions would be very much appreciated. I can implement and usually understand most registry changes etc. but I am no good at all at troubleshooting. Looking forward to hearing from you.
Much thanks and appreciation.
Sincerely yours again,
TQUAD/Tom

Edited by TQUAD, 09 March 2009 - 12:06 AM.


#15 Hoov

Posted 09 March 2009 - 11:02 AM

Go to the run command and type in sfc /scannow. Let me know what it finds. Also try rebooting into safe mode and see if your computer runs any differently.