
Author Topic: No Internet Access after virus removal :(  (Read 36370 times)


nasroo7

    No Internet Access after virus removal :(
    « on: January 06, 2012, 04:56:03 PM »
    Hello!

    First, thank you a lot for being here!
    My friend got infected by a virus. All Exe files were not working anymore (telling me to choose a program to open with).

    So, what I did was:
     - Ran "ExeFix.reg" that I found online. (I put it in the next reply, to explain what it is) > Exe files were working again.
     - Ran "FixNCR.reg" that I saw in a newspaper.
     - Ran "RKill" (no process was stopped)
     - Malwarebytes "Full scan" > 20 threats (I know I'm bad, but I don't have the log anymore) (I remember: Virus:Win32/Sirefef.N and Rogue:Win32/FakeRean)
     - Super Antispyware "Full scan" (as described in "Read this before requesting malware removal help") > 201 adware items
     - Microsoft Security Essentials "Full scan" > No threats
     - AVP Tool by Kaspersky (As described by "SuperDave" in another topic) > 5 threats (While it was scanning, Microsoft Security Essentials was blocking "Virus:Win32/Sirefef.N and Rogue:Win32/FakeRean")
     - TdsKiller > No threats
     - SpyBot > No threats
     - CCleaner

    At that point, I ran Malwarebytes, SuperAntiSpyware and Microsoft Security Essentials again (full scans in Safe mode and regular mode). No threats detected anymore.

     (all of that took me like 5 days)



    Now, Internet was working, and no sign of Viruses.
    But Windows Updates wasn't working (iexplorer cannot display the web page)
    And the Security Center was turned OFF.

     - I found online "http://support.microsoft.com/kb/883614"
    I did it. It didn't solve the problem.

    I ran LSPFix ... found some issues... clicked on Fix. But now there is NO internet at ALL. (I ran LSPFix, because one time I wasn't able to access Internet and "SuperDave" told me to use it. =P ) But I didn't have to do it this time I guess...?

    So, I tried to reset all Iexplorer settings in "Reset Default". It doesn't solve the problem.
    There is no PROXY, and everything is on "Detect Automatically... IP, DNS..."
    I tried to activate the firewall, it tells me that it cannot start "Connection Sharing ICS service"
    I tried to start Automatic Updates service, but it tells me "It had to stop, because it has no action to take."


    I know that you suggest that we have to start by asking you first. But I wanted to do it by myself.
    And I know that you do it for free, so I don't want to bother you every time I'm on a computer.


    I ran all again
    I don't have all the logs, because after I ran Malwarebytes, I deleted it. And same thing with all the other virus removal software. Except for Microsoft Security Essentials.

    So, I ran DDS, Hijack This, and ComboFix (commy) as described by "SuperDave" in another post.
    Here are the logs.

    I know that maybe you cannot help me since I didn't start everything with you... But If you can do something, that would be great.

    Here are all the logs. And tell me if there is something you can do for me or not :s



    So basically, now:
    In Network Connections: It's "Limited or no connectivity" (Computer is plugged to Ethernet > I plugged the same Ethernet cable to my laptop, and it's working)
    No Internet at all

    Put an internal PCI Ethernet Card into the desktop... But same thing.
    Everything in Device Manager looks fine.


    « Last Edit: January 06, 2012, 05:56:04 PM by nasroo7 »

    nasroo7

      Re: No Internet Access after virus removal :(
      « Reply #1 on: January 06, 2012, 04:57:22 PM »
      HiJackThis log:



      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 6:12:13 PM, on 1/6/2012
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\WINDOWS\system32\ZuneBusEnum.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Zune\ZuneLauncher.exe
      C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\Documents and Settings\Annette\Desktop\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
      O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
      O4 - HKLM\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251588442812
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

      --
      End of file - 6195 bytes

      nasroo7

        Re: No Internet Access after virus removal :(
        « Reply #2 on: January 06, 2012, 04:57:45 PM »
        DDS log

        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-08-26.01)
        .
        Microsoft Windows XP Professional
        Boot Device: \Device\HarddiskVolume1
        Install Date: 8/3/2009 11:40:05 AM
        System Uptime: 1/6/2012 4:45:11 PM (1 hours ago)
        .
        Motherboard: BIOSTAR Group |  | N61PB-M2S
        Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket AM2  | 2712/201mhz
        .
        ==== Disk Partitions =========================
        .
        A: is Removable
        C: is FIXED (NTFS) - 149 GiB total, 117.432 GiB free.
        D: is CDROM (UDF)
        .
        ==== Disabled Device Manager Items =============
        .
        ==== System Restore Points ===================
        .
        RP1: 1/5/2012 2:37:43 PM - System Checkpoint
        RP2: 1/6/2012 2:10:33 PM - Restore Operation
        RP3: 1/6/2012 2:53:25 PM - Restore Operation
        .
        ==== Installed Programs ======================
        .
        Adobe Flash Player 11 ActiveX
        Advertising Center
        Critical Update for Windows Media Player 11 (KB959772)
        High Definition Audio Driver Package - KB888111
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
        Hotfix for Windows Media Format 11 SDK (KB929399)
        Hotfix for Windows Media Player 11 (KB939683)
        Hotfix for Windows XP (KB2158563)
        Hotfix for Windows XP (KB2443685)
        Hotfix for Windows XP (KB2570791)
        Hotfix for Windows XP (KB2633952)
        Hotfix for Windows XP (KB915800-v4)
        Hotfix for Windows XP (KB932716-v2)
        Hotfix for Windows XP (KB942288-v3)
        Hotfix for Windows XP (KB952287)
        Hotfix for Windows XP (KB954550-v5)
        Hotfix for Windows XP (KB961118)
        Hotfix for Windows XP (KB970653-v3)
        Hotfix for Windows XP (KB976098-v2)
        Hotfix for Windows XP (KB979306)
        Hotfix for Windows XP (KB981793)
        ImagXpress
        Java Auto Updater
        Java(TM) 6 Update 30
        Juice 2.2
        Knoll Light Factory EZ Studio
        Media Converter for Philips
        Menu Templates - Starter Kit
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1 Security Update (KB2572067)
        Microsoft .NET Framework 1.1 Security Update (KB979906)
        Microsoft .NET Framework 2.0 Service Pack 2
        Microsoft .NET Framework 3.0 Service Pack 2
        Microsoft .NET Framework 3.5 SP1
        Microsoft .NET Framework 4 Client Profile
        Microsoft .NET Framework 4 Extended
        Microsoft Antimalware
        Microsoft Application Error Reporting
        Microsoft Base Smart Card Cryptographic Service Provider Package
        Microsoft Compression Client Pack 1.0 for Windows XP
        Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
        Microsoft Office 2000 Premium
        Microsoft Security Client
        Microsoft Security Essentials
        Microsoft UI Engine
        Microsoft User-Mode Driver Framework Feature Pack 1.9
        Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
        Microsoft Visual C++ 2005 Redistributable
        Microsoft WinUsb 1.0
        Movie Templates - Starter Kit
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 (KB973688)
        MSXML 6 Service Pack 2 (KB954459)
        Napster
        Napster Burn Engine
        Nero 9 Essentials
        Nero BurnRights
        Nero BurnRights Help
        Nero ControlCenter
        Nero CoverDesigner
        Nero CoverDesigner Help
        Nero DiscSpeed
        Nero DiscSpeed Help
        Nero DriveSpeed
        Nero DriveSpeed Help
        Nero Express Help
        Nero InfoTool
        Nero InfoTool Help
        Nero Installer
        Nero Online Upgrade
        Nero Rescue Agent
        Nero ShowTime
        Nero StartSmart
        Nero StartSmart Help
        Nero Vision
        Nero Vision Help
        NeroExpress
        neroxml
        NVIDIA Control Panel 275.33
        NVIDIA Display Control Panel
        NVIDIA Drivers
        NVIDIA Graphics Driver 275.33
        NVIDIA Install Application
        NVIDIA nView 135.85
        NVIDIA nView Desktop Manager
        NVIDIA Update 1.3.5
        NVIDIA Update Components
        Pinnacle Creative Pack Volume 2
        Pinnacle Studio 14
        Pinnacle Studio Ultimate Plugins
        Pinnacle Video Driver
        Realtek High Definition Audio Driver
        Red Giant ToonIt Studio
        Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
        Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
        Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
        Security Update for Microsoft Windows (KB2564958)
        Security Update for Windows Internet Explorer 8 (KB2183461)
        Security Update for Windows Internet Explorer 8 (KB2360131)
        Security Update for Windows Internet Explorer 8 (KB2416400)
        Security Update for Windows Internet Explorer 8 (KB2482017)
        Security Update for Windows Internet Explorer 8 (KB2497640)
        Security Update for Windows Internet Explorer 8 (KB2510531)
        Security Update for Windows Internet Explorer 8 (KB2530548)
        Security Update for Windows Internet Explorer 8 (KB2544521)
        Security Update for Windows Internet Explorer 8 (KB2559049)
        Security Update for Windows Internet Explorer 8 (KB2586448)
        Security Update for Windows Internet Explorer 8 (KB2618444)
        Security Update for Windows Internet Explorer 8 (KB971961)
        Security Update for Windows Internet Explorer 8 (KB972260)
        Security Update for Windows Internet Explorer 8 (KB974455)
        Security Update for Windows Internet Explorer 8 (KB976325)
        Security Update for Windows Internet Explorer 8 (KB978207)
        Security Update for Windows Internet Explorer 8 (KB981332)
        Security Update for Windows Internet Explorer 8 (KB982381)
        Security Update for Windows Media Player (KB2378111)
        Security Update for Windows Media Player (KB911564)
        Security Update for Windows Media Player (KB952069)
        Security Update for Windows Media Player (KB954155)
        Security Update for Windows Media Player (KB968816)
        Security Update for Windows Media Player (KB973540)
        Security Update for Windows Media Player (KB975558)
        Security Update for Windows Media Player (KB978695)
        Security Update for Windows Media Player 11 (KB936782)
        Security Update for Windows Media Player 11 (KB954154)
        Security Update for Windows Media Player 6.4 (KB925398)
        Security Update for Windows Media Player 9 (KB936782)
        Security Update for Windows Search 4 - KB963093
        Security Update for Windows XP (KB2079403)
        Security Update for Windows XP (KB2115168)
        Security Update for Windows XP (KB2121546)
        Security Update for Windows XP (KB2160329)
        Security Update for Windows XP (KB2229593)
        Security Update for Windows XP (KB2259922)
        Security Update for Windows XP (KB2279986)
        Security Update for Windows XP (KB2286198)
        Security Update for Windows XP (KB2296011)
        Security Update for Windows XP (KB2296199)
        Security Update for Windows XP (KB2347290)
        Security Update for Windows XP (KB2360937)
        Security Update for Windows XP (KB2387149)
        Security Update for Windows XP (KB2393802)
        Security Update for Windows XP (KB2412687)
        Security Update for Windows XP (KB2419632)
        Security Update for Windows XP (KB2423089)
        Security Update for Windows XP (KB2436673)
        Security Update for Windows XP (KB2440591)
        Security Update for Windows XP (KB2443105)
        Security Update for Windows XP (KB2476490)
        Security Update for Windows XP (KB2476687)
        Security Update for Windows XP (KB2478960)
        Security Update for Windows XP (KB2478971)
        Security Update for Windows XP (KB2479628)
        Security Update for Windows XP (KB2479943)
        Security Update for Windows XP (KB2481109)
        Security Update for Windows XP (KB2483185)
        Security Update for Windows XP (KB2485376)
        Security Update for Windows XP (KB2485663)
        Security Update for Windows XP (KB2491683)
        Security Update for Windows XP (KB2503658)
        Security Update for Windows XP (KB2503665)
        Security Update for Windows XP (KB2506212)
        Security Update for Windows XP (KB2506223)
        Security Update for Windows XP (KB2507618)
        Security Update for Windows XP (KB2507938)
        Security Update for Windows XP (KB2508272)
        Security Update for Windows XP (KB2508429)
        Security Update for Windows XP (KB2509553)
        Security Update for Windows XP (KB2511455)
        Security Update for Windows XP (KB2524375)
        Security Update for Windows XP (KB2535512)
        Security Update for Windows XP (KB2536276-v2)
        Security Update for Windows XP (KB2536276)
        Security Update for Windows XP (KB2544893-v2)
        Security Update for Windows XP (KB2544893)
        Security Update for Windows XP (KB2555917)
        Security Update for Windows XP (KB2562937)
        Security Update for Windows XP (KB2566454)
        Security Update for Windows XP (KB2567053)
        Security Update for Windows XP (KB2567680)
        Security Update for Windows XP (KB2570222)
        Security Update for Windows XP (KB2570947)
        Security Update for Windows XP (KB2592799)
        Security Update for Windows XP (KB2618451)
        Security Update for Windows XP (KB2619339)
        Security Update for Windows XP (KB2620712)
        Security Update for Windows XP (KB2624667)
        Security Update for Windows XP (KB2633171)
        Security Update for Windows XP (KB2639417)
        Security Update for Windows XP (KB923561)
        Security Update for Windows XP (KB923789)
        Security Update for Windows XP (KB938464-v2)
        Security Update for Windows XP (KB941569)
        Security Update for Windows XP (KB946648)
        Security Update for Windows XP (KB950762)
        Security Update for Windows XP (KB950974)
        Security Update for Windows XP (KB951066)
        Security Update for Windows XP (KB951376-v2)
        Security Update for Windows XP (KB951748)
        Security Update for Windows XP (KB952004)
        Security Update for Windows XP (KB952954)
        Security Update for Windows XP (KB954459)
        Security Update for Windows XP (KB954600)
        Security Update for Windows XP (KB955069)
        Security Update for Windows XP (KB956572)
        Security Update for Windows XP (KB956744)
        Security Update for Windows XP (KB956802)
        Security Update for Windows XP (KB956803)
        Security Update for Windows XP (KB956844)
        Security Update for Windows XP (KB957097)
        Security Update for Windows XP (KB958644)
        Security Update for Windows XP (KB958687)
        Security Update for Windows XP (KB958869)
        Security Update for Windows XP (KB959426)
        Security Update for Windows XP (KB960225)
        Security Update for Windows XP (KB960803)
        Security Update for Windows XP (KB960859)
        Security Update for Windows XP (KB961371)
        Security Update for Windows XP (KB961501)
        Security Update for Windows XP (KB968537)
        Security Update for Windows XP (KB969059)
        Security Update for Windows XP (KB969947)
        Security Update for Windows XP (KB970238)
        Security Update for Windows XP (KB970430)
        Security Update for Windows XP (KB971468)
        Security Update for Windows XP (KB971486)
        Security Update for Windows XP (KB971557)
        Security Update for Windows XP (KB971633)
        Security Update for Windows XP (KB971657)
        Security Update for Windows XP (KB972260)
        Security Update for Windows XP (KB972270)
        Security Update for Windows XP (KB973346)
        Security Update for Windows XP (KB973354)
        Security Update for Windows XP (KB973507)
        Security Update for Windows XP (KB973525)
        Security Update for Windows XP (KB973869)
        Security Update for Windows XP (KB973904)
        Security Update for Windows XP (KB974112)
        Security Update for Windows XP (KB974318)
        Security Update for Windows XP (KB974392)
        Security Update for Windows XP (KB974571)
        Security Update for Windows XP (KB975025)
        Security Update for Windows XP (KB975467)
        Security Update for Windows XP (KB975560)
        Security Update for Windows XP (KB975561)
        Security Update for Windows XP (KB975562)
        Security Update for Windows XP (KB975713)
        Security Update for Windows XP (KB977165)
        Security Update for Windows XP (KB977816)
        Security Update for Windows XP (KB977914)
        Security Update for Windows XP (KB978037)
        Security Update for Windows XP (KB978251)
        Security Update for Windows XP (KB978262)
        Security Update for Windows XP (KB978338)
        Security Update for Windows XP (KB978542)
        Security Update for Windows XP (KB978601)
        Security Update for Windows XP (KB978706)
        Security Update for Windows XP (KB979309)
        Security Update for Windows XP (KB979482)
        Security Update for Windows XP (KB979559)
        Security Update for Windows XP (KB979683)
        Security Update for Windows XP (KB979687)
        Security Update for Windows XP (KB980195)
        Security Update for Windows XP (KB980218)
        Security Update for Windows XP (KB980232)
        Security Update for Windows XP (KB980436)
        Security Update for Windows XP (KB981322)
        Security Update for Windows XP (KB981852)
        Security Update for Windows XP (KB981957)
        Security Update for Windows XP (KB981997)
        Security Update for Windows XP (KB982132)
        Security Update for Windows XP (KB982214)
        Security Update for Windows XP (KB982665)
        Security Update for Windows XP (KB982802)
        Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
        Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
        Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
        Update for Microsoft .NET Framework 4 Extended (KB2468871)
        Update for Microsoft .NET Framework 4 Extended (KB2533523)
        Update for Microsoft Windows (KB971513)
        Update for Windows Internet Explorer 8 (KB2362765)
        Update for Windows Internet Explorer 8 (KB2447568)
        Update for Windows Internet Explorer 8 (KB972636)
        Update for Windows Internet Explorer 8 (KB973874)
        Update for Windows Internet Explorer 8 (KB975364)
        Update for Windows Internet Explorer 8 (KB976662)
        Update for Windows Internet Explorer 8 (KB976749)
        Update for Windows Internet Explorer 8 (KB980182)
        Update for Windows Internet Explorer 8 (KB980302)
        Update for Windows XP (KB2141007)
        Update for Windows XP (KB2345886)
        Update for Windows XP (KB2467659)
        Update for Windows XP (KB2492386)
        Update for Windows XP (KB2541763)
        Update for Windows XP (KB2607712)
        Update for Windows XP (KB2616676-v2)
        Update for Windows XP (KB2641690)
        Update for Windows XP (KB943729)
        Update for Windows XP (KB951978)
        Update for Windows XP (KB955759)
        Update for Windows XP (KB955839)
        Update for Windows XP (KB967715)
        Update for Windows XP (KB968389)
        Update for Windows XP (KB971029)
        Update for Windows XP (KB971737)
        Update for Windows XP (KB973687)
        Update for Windows XP (KB973815)
        WebFldrs XP
        Windows Genuine Advantage Notifications (KB905474)
        Windows Genuine Advantage Validation Tool (KB892130)
        Windows Imaging Component
        Windows Internet Explorer 8
        Windows Live ID Sign-in Assistant
        Windows Management Framework Core
        Windows Media Format 11 runtime
        Windows Media Format SDK Hotfix - KB891122
        Windows Media Player 11
        Windows PowerShell(TM) 1.0 MUI pack
        Windows Search 4.0
        Windows XP Service Pack 3
        Yahoo! Detect
        Zune
        Zune Language Pack (DE)
        Zune Language Pack (ES)
        Zune Language Pack (FR)
        Zune Language Pack (IT)
        .
        ==== Event Viewer Messages From Past Week ========
        .
        1/4/2012 2:24:36 AM, error: Service Control Manager [7023]  - The Network Location Awareness (NLA) service terminated with the following error:  The specified procedure could not be found.
        1/3/2012 9:14:00 PM, error: Service Control Manager [7000]  - The MCSTRM service failed to start due to the following error:  The system cannot find the file specified.
        1/3/2012 8:58:35 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.117.1674.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.7903.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
        1/3/2012 8:56:04 PM, error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP173\A0047464.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: Real-Time Protection    User: NT AUTHORITY\SYSTEM    Process Name: C:\WINDOWS\system32\svchost.exe    Action: Clean    Action Status:  To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.     Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.     Signature Version: AV: 1.117.1674.0, AS: 1.117.1674.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
        1/3/2012 7:56:40 PM, error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP173\A0047464.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: Real-Time Protection    User: NT AUTHORITY\SYSTEM    Process Name: C:\WINDOWS\system32\svchost.exe    Action: Clean    Action Status:  To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.     Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.     Signature Version: AV: 1.117.1674.0, AS: 1.117.1674.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
        1/3/2012 6:52:31 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.117.1674.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1674.0&asdelta=1.117.1674.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:     Previous Engine Version: 1.1.7903.0    Error code: 0x80072ee7    Error description: The server name or address could not be resolved
        1/3/2012 6:52:31 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.117.1674.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1674.0&asdelta=1.117.1674.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:     Previous Engine Version: 1.1.7903.0    Error code: 0x80072ee7    Error description: The server name or address could not be resolved
        1/3/2012 6:52:31 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.117.1674.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1674.0&asdelta=1.117.1674.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:     Previous Engine Version: 1.1.7903.0    Error code: 0x80072ee7    Error description: The server name or address could not be resolved
        1/3/2012 6:52:31 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.117.1674.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1674.0&asdelta=1.117.1674.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:     Previous Engine Version: 1.1.7903.0    Error code: 0x80072ee7    Error description: The server name or address could not be resolved
        1/3/2012 6:52:30 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.117.1674.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.7903.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
        1/3/2012 6:30:18 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.117.1674.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1674.0&asdelta=1.117.1674.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:     Previous Engine Version: 1.1.7903.0    Error code: 0x80072efd    Error description: A connection with the server could not be established
        1/3/2012 6:30:18 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.117.1674.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1674.0&asdelta=1.117.1674.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:     Previous Engine Version: 1.1.7903.0    Error code: 0x80072efd    Error description: A connection with the server could not be established
        1/3/2012 6:30:18 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.117.1674.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1674.0&asdelta=1.117.1674.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:     Previous Engine Version: 1.1.7903.0    Error code: 0x80072efd    Error description: A connection with the server could not be established
        1/3/2012 6:30:18 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.117.1674.0    Update Source: Microsoft Malware Protection Center    Update Stage: Search    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.1674.0&asdelta=1.117.1674.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:     Previous Engine Version: 1.1.7903.0    Error code: 0x80072efd    Error description: A connection with the server could not be established
        1/3/2012 6:30:15 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
        1/3/2012 6:30:13 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.117.1674.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.7903.0    Error code: 0x80070424    Error description: The specified service does not exist as an installed service.
        .
        ==== End Of File ===========================

        nasroo7

          Re: No Internet Access after virus removal :(
          « Reply #3 on: January 06, 2012, 04:58:10 PM »
          DDS log


          .
          DDS (Ver_2011-08-26.01) - NTFSx86
          Internet Explorer: 8.0.6001.18702
          Run by Annette at 17:58:57 on 2012-01-06
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1790.1124 [GMT -5:00]
          .
          AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
          .
          ============== Running Processes ===============
          .
          C:\WINDOWS\system32\svchost -k DcomLaunch
          svchost.exe
          c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe -k netsvcs
          C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
          svchost.exe
          svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          svchost.exe
          C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
          c:\WINDOWS\system32\ZuneBusEnum.exe
          C:\WINDOWS\system32\SearchIndexer.exe
          C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
          C:\Program Files\Common Files\Java\Java Update\jusched.exe
          C:\Program Files\Zune\ZuneLauncher.exe
          C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
          C:\WINDOWS\RTHDCPL.EXE
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Microsoft Security Client\msseces.exe
          C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
          C:\Program Files\Windows Desktop Search\WindowsSearch.exe
          C:\WINDOWS\system32\SearchProtocolHost.exe
          C:\WINDOWS\explorer.exe
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = hxxp://www.rr.com/
          BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
          BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
          BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
          BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
          BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
          uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
          uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
          uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
          mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
          mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
          mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
          mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
          mRun: [RTHDCPL] RTHDCPL.EXE
          mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
          mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
          mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
          mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
          mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
          mRun: [Alcmtr] ALCMTR.EXE
          dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
          IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
          IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
          DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
          DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
          DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251588442812
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
          DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
          DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
          SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
          SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
          .
          ============= SERVICES / DRIVERS ===============
          .
          R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-8-3 13696]
          R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
          R1 MpKsl2e6c0200;MpKsl2e6c0200;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\MpKsl2e6c0200.sys [2012-1-6 29904]
          S1 MpKsl607219cb;MpKsl607219cb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\mpksl607219cb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\MpKsl607219cb.sys [?]
          S1 MpKslcf261482;MpKslcf261482;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{81a36ea3-d5b6-4b81-9e48-f2179236a830}\mpkslcf261482.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{81a36ea3-d5b6-4b81-9e48-f2179236a830}\MpKslcf261482.sys [?]
          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
          S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-12 2214504]
          S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
          S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
          .
          =============== Created Last 30 ================
          .
          2012-01-06 21:45:38   29904   -c--a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\MpKsl2e6c0200.sys
          2012-01-06 21:45:33   56200   -c--a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\offreg.dll
          2012-01-06 19:55:31   20992   -c--a-w-   c:\windows\system32\dllcache\rtl8139.sys
          2012-01-06 19:55:31   20992   ----a-w-   c:\windows\system32\drivers\RTL8139.sys
          2012-01-06 19:54:02   --------   d-----w-   c:\windows\system32\wbem\repository\FS
          2012-01-06 19:54:02   --------   d-----w-   c:\windows\system32\wbem\Repository
          2012-01-06 19:12:12   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
          2012-01-06 18:55:05   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
          2012-01-06 15:13:42   29904   -c--a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\MpKslf611ffdd.sys
          2012-01-06 15:12:33   12160   -c--a-w-   c:\windows\system32\dllcache\mouhid.sys
          2012-01-06 15:12:33   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
          2012-01-06 15:12:31   10368   -c--a-w-   c:\windows\system32\dllcache\hidusb.sys
          2012-01-06 15:12:31   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
          2012-01-05 23:39:39   29904   -c--a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\MpKsl2f6e07b0.sys
          2012-01-05 23:36:42   29904   -c--a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\MpKsl8870e3ef.sys
          2012-01-05 23:30:26   29904   -c--a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\MpKslb4b1b8de.sys
          2012-01-05 23:29:39   29904   -c--a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\MpKsl0a986efc.sys
          2012-01-05 19:47:01   --------   d-----w-   c:\documents and settings\annette\local settings\application data\PCHealth
          2012-01-05 15:41:35   --------   dc----w-   c:\documents and settings\all users\application data\Spybot - Search & Destroy
          2012-01-05 15:41:24   --------   d-----w-   c:\program files\Spybot - Search & Destroy 2
          2012-01-05 01:21:33   --------   dc----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
          2012-01-04 22:06:29   --------   d-----w-   c:\documents and settings\annette\application data\Malwarebytes
          2012-01-04 02:04:21   --------   d-----w-   c:\windows\pss
          2012-01-04 01:58:50   6823496   -c--a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\mpengine.dll
          2012-01-03 23:40:54   --------   dc----w-   c:\documents and settings\all users\application data\Malwarebytes
          2012-01-03 23:40:50   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2011-12-23 22:36:21   32128   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
          2011-12-23 22:36:21   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
          .
          ==================== Find3M  ====================
          .
          2011-12-15 01:15:15   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
          2011-11-23 13:25:32   1859584   ----a-w-   c:\windows\system32\win32k.sys
          2011-11-15 19:29:56   222080   ------w-   c:\windows\system32\MpSigStub.exe
          2011-11-10 10:54:13   472808   ----a-w-   c:\windows\system32\deployJava1.dll
          2011-11-10 08:27:10   73728   ----a-w-   c:\windows\system32\javacpl.cpl
          2011-11-04 19:20:51   916992   ----a-w-   c:\windows\system32\wininet.dll
          2011-11-04 19:20:51   43520   ----a-w-   c:\windows\system32\licmgr10.dll
          2011-11-04 19:20:51   1469440   ------w-   c:\windows\system32\inetcpl.cpl
          2011-11-04 11:23:59   385024   ----a-w-   c:\windows\system32\html.iec
          2011-11-01 16:07:10   1288704   ----a-w-   c:\windows\system32\ole32.dll
          2011-10-28 05:31:48   33280   ----a-w-   c:\windows\system32\csrsrv.dll
          2011-10-25 13:37:08   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
          2011-10-25 12:52:02   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
          2011-10-18 11:13:22   186880   ----a-w-   c:\windows\system32\encdec.dll
          2011-10-10 14:22:41   692736   ----a-w-   c:\windows\system32\inetcomm.dll
          .
          ============= FINISH: 17:59:58.84 ===============

          nasroo7

            Re: No Internet Access after virus removal :(
            « Reply #4 on: January 06, 2012, 05:00:56 PM »
            I know that you already know it, but to make sure whether I had a good one or not :s
            ExeFix.reg



            Windows Registry Editor Version 5.00
            [HKEY_CLASSES_ROOT\.exe]
            @="exefile"
            "Content Type"="application/x-msdownload"

            [HKEY_CLASSES_ROOT\.exe\PersistentHandler]
            @="{098f2470-bae0-11cd-b579-08002b30bfeb}"

            [HKEY_CLASSES_ROOT\exefile]
            @="Application"
            "EditFlags"=hex:38,07,00,00
            "TileInfo"="prop:FileDescription;Company;FileVersion"
            "InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

            [HKEY_CLASSES_ROOT\exefile\DefaultIcon]
            @="%1"

            [HKEY_CLASSES_ROOT\exefile\shell]

            [HKEY_CLASSES_ROOT\exefile\shell\open]
            "EditFlags"=hex:00,00,00,00

            [HKEY_CLASSES_ROOT\exefile\shell\open\command]
            @="\"%1\" %*"

            [HKEY_CLASSES_ROOT\exefile\shell\runas]

            [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
            @="\"%1\" %*"

            [HKEY_CLASSES_ROOT\exefile\shellex]

            [HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
            @="{86C86720-42A0-1069-A2E8-08002B30309D}"

            [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

            [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
            @="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

            [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
            @="{86F19A00-42A0-1069-A2E9-08002B30309D}"

            [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
            @="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

            nasroo7

              Re: No Internet Access after virus removal :(
              « Reply #5 on: January 06, 2012, 05:02:01 PM »
              Here is FixNCR.reg



              Windows Registry Editor Version 5.00

              [-HKEY_CLASSES_ROOT\.exe\shell]

              [-HKEY_CLASSES_ROOT\.exe\DefaultIcon]

              [HKEY_CLASSES_ROOT\.exe]
              @="exefile"

              [HKEY_CLASSES_ROOT\exefile]
              "Content Type"=-

              [HKEY_CLASSES_ROOT\exefile\shell\open\command]
              @="\"%1\" %*"
              "IsolatedCommand"=-

              [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
              "IsolatedCommand"=-

              [HKEY_CLASSES_ROOT\.bat]
              @="batfile"

              [HKEY_CLASSES_ROOT\batfile\shell\open\command]
              @="\"%1\" %*"

              [-HKEY_CURRENT_USER\SOFTWARE\Classes\.exe]

              [-HKEY_CURRENT_USER\Software\Classes\exefile]

              [-HKEY_CLASSES_ROOT\secfile]

              [-HKEY_CURRENT_USER\Software\Classes\secfile]

              [-HKEY_CLASSES_ROOT\pezfile]

              [-HKEY_CURRENT_USER\Software\Classes\pezfile]

              [-HKEY_CLASSES_ROOT\sezfile]

              [-HKEY_CURRENT_USER\Software\Classes\sezfile]

              [-HKEY_CLASSES_ROOT\ah]

              [-HKEY_CURRENT_USER\Software\Classes\ah]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
              @="firefox.exe"
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
              @="firefox.exe"

              [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
              @="iexplore.exe"

              nasroo7

                Re: No Internet Access after virus removal :(
                « Reply #6 on: January 06, 2012, 05:07:26 PM »
                ComboFix says that:

                Infected with Rootkit.ZeroAccess. It has inserted itself into the tcp/ip stack.

                nasroo7

                  Re: No Internet Access after virus removal :(
                  « Reply #7 on: January 06, 2012, 05:39:13 PM »
                  ComboFix 12-01-06.03 - Annette 01/06/2012  19:11:46.1.2 - x86
                  Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1790.1387 [GMT -5:00]
                  Running from: c:\documents and settings\Annette\Desktop\Commy.exe
                  AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                  .
                  WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  c:\documents and settings\Annette\Local Settings\Application Data\.#
                  c:\documents and settings\Annette\Local Settings\Application Data\.#\MBX@A6C@383470.###
                  c:\documents and settings\Annette\Local Settings\Application Data\.#\MBX@A6C@383480.###
                  c:\documents and settings\Annette\Local Settings\Application Data\.#\MBX@A6C@383490.###
                  c:\documents and settings\Annette\Local Settings\Application Data\.#\MBX@A6C@3834A0.###
                  c:\documents and settings\Annette\Local Settings\Application Data\.#\MBX@EE8@383470.###
                  c:\documents and settings\Annette\Local Settings\Application Data\.#\MBX@EE8@383480.###
                  c:\documents and settings\Annette\Local Settings\Application Data\.#\MBX@EE8@383490.###
                  c:\documents and settings\Annette\Local Settings\Application Data\.#\MBX@EE8@3834A0.###
                  c:\windows\$NtUninstallKB34037$
                  c:\windows\$NtUninstallKB34037$\2551848175\@
                  c:\windows\$NtUninstallKB34037$\2551848175\bckfg.tmp
                  c:\windows\$NtUninstallKB34037$\2551848175\cfg.ini
                  c:\windows\$NtUninstallKB34037$\2551848175\Desktop.ini
                  c:\windows\$NtUninstallKB34037$\2551848175\keywords
                  c:\windows\$NtUninstallKB34037$\2551848175\kwrd.dll
                  c:\windows\$NtUninstallKB34037$\2551848175\L\gcjvwdai
                  c:\windows\$NtUninstallKB34037$\2551848175\lsflt7.ver
                  c:\windows\$NtUninstallKB34037$\2551848175\U\00000001.@
                  c:\windows\$NtUninstallKB34037$\2551848175\U\00000002.@
                  c:\windows\$NtUninstallKB34037$\2551848175\U\00000004.@
                  c:\windows\$NtUninstallKB34037$\2551848175\U\80000000.@
                  c:\windows\$NtUninstallKB34037$\2551848175\U\80000004.@
                  c:\windows\$NtUninstallKB34037$\2551848175\U\80000032.@
                  c:\windows\$NtUninstallKB34037$\3477138433
                  c:\windows\system32\NEW12.tmp
                  c:\windows\system32\NEW3B.tmp
                  c:\windows\system32\NEWB3.tmp
                  c:\windows\system32\NEWC4.tmp
                  .
                  c:\windows\system32\drivers\i8042prt.sys was missing
                  Restored copy from - c:\windows\system32\dllcache\i8042prt.sys
                  .
                  .
                  (((((((((((((((((((((((((   Files Created from 2011-12-07 to 2012-01-07  )))))))))))))))))))))))))))))))
                  .
                  .
                  2012-01-07 00:17 . 2008-04-13 20:18   52480   -c--a-w-   c:\windows\system32\dllcache\i8042prt.sys
                  2012-01-07 00:17 . 2008-04-13 20:18   52480   ----a-w-   c:\windows\system32\drivers\i8042prt.sys
                  2012-01-06 23:35 . 2011-11-21 10:47   6823496   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50D1D361-24E3-4FAB-A8E4-0B8665C70743}\mpengine.dll
                  2012-01-06 19:55 . 2004-08-04 03:31   20992   -c--a-w-   c:\windows\system32\dllcache\rtl8139.sys
                  2012-01-06 19:55 . 2004-08-04 03:31   20992   ----a-w-   c:\windows\system32\drivers\RTL8139.sys
                  2012-01-06 19:54 . 2012-01-06 19:54   --------   d-----w-   c:\windows\system32\wbem\Repository
                  2012-01-06 19:12 . 2008-04-13 19:39   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
                  2012-01-06 18:55 . 2008-04-13 19:39   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
                  2012-01-06 15:12 . 2001-08-17 18:48   12160   -c--a-w-   c:\windows\system32\dllcache\mouhid.sys
                  2012-01-06 15:12 . 2001-08-17 18:48   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
                  2012-01-06 15:12 . 2008-04-13 19:45   10368   -c--a-w-   c:\windows\system32\dllcache\hidusb.sys
                  2012-01-06 15:12 . 2008-04-13 19:45   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
                  2012-01-05 19:47 . 2012-01-05 19:47   --------   d-----w-   c:\documents and settings\Annette\Local Settings\Application Data\PCHealth
                  2012-01-05 18:00 . 2012-01-05 18:00   --------   d-----w-   c:\program files\Common Files\Java
                  2012-01-05 15:41 . 2012-01-05 16:18   --------   dc----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
                  2012-01-05 15:41 . 2012-01-05 17:42   --------   d-----w-   c:\program files\Spybot - Search & Destroy 2
                  2012-01-05 01:21 . 2012-01-05 01:21   --------   dc----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                  2012-01-04 22:06 . 2012-01-04 22:06   --------   d-----w-   c:\documents and settings\Annette\Application Data\Malwarebytes
                  2012-01-03 23:40 . 2012-01-03 23:40   --------   dc----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                  2012-01-03 23:40 . 2012-01-05 18:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                  2011-12-23 22:36 . 2008-04-13 19:45   32128   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
                  2011-12-23 22:36 . 2008-04-13 19:45   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
                  2011-12-18 22:26 . 2011-12-18 22:26   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2011-12-15 01:15 . 2011-05-18 00:55   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                  2011-11-23 13:25 . 2006-02-28 12:00   1859584   ----a-w-   c:\windows\system32\win32k.sys
                  2011-11-21 10:47 . 2011-10-20 13:04   6823496   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                  2011-11-15 19:29 . 2011-09-28 22:48   222080   ------w-   c:\windows\system32\MpSigStub.exe
                  2011-11-10 10:54 . 2010-06-21 13:06   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                  2011-11-10 08:27 . 2009-09-02 23:18   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                  2011-11-04 19:20 . 2006-02-28 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
                  2011-11-04 19:20 . 2006-02-28 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
                  2011-11-04 19:20 . 2006-02-28 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                  2011-11-04 11:23 . 2006-02-28 12:00   385024   ----a-w-   c:\windows\system32\html.iec
                  2011-11-01 16:07 . 2006-02-28 12:00   1288704   ----a-w-   c:\windows\system32\ole32.dll
                  2011-10-28 05:31 . 2006-02-28 12:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
                  2011-10-25 13:37 . 2006-02-28 12:00   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
                  2011-10-25 12:52 . 2004-08-03 22:59   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                  2011-10-18 11:13 . 2006-02-28 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
                  2011-10-10 14:22 . 2009-08-03 15:34   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
                  "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
                  "USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
                  "RTHDCPL"="RTHDCPL.EXE" [2008-09-24 16859648]
                  "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-21 111208]
                  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
                  "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
                  "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
                  .
                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
                  .
                  c:\documents and settings\All Users\Start Menu\Programs\Startup\
                  Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
                  Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
                  .
                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                  "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
                  .
                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
                  BootExecute   REG_MULTI_SZ      autocheck autochk *\0\0sdnclean.exe
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                  @="Service"
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                  @="Driver"
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                  @="Service"
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                  "SeaPort"=2 (0x2)
                  "BBSvc"=3 (0x3)
                  .
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                  "DisableNotifications"= 1 (0x1)
                  .
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                  "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
                  "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
                  "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
                  "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
                  .
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                  "1177:UDP"= 1177:UDP:Windows Media Format SDK (napster.exe)
                  "1176:UDP"= 1176:UDP:Windows Media Format SDK (napster.exe)
                  "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
                  .
                  R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/3/2009 10:58 AM 13696]
                  R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9/12/2011 7:42 AM 2214504]
                  S1 MpKsl607219cb;MpKsl607219cb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{095F5527-8ED3-4BFF-B87D-BFFD993E4B45}\MpKsl607219cb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{095F5527-8ED3-4BFF-B87D-BFFD993E4B45}\MpKsl607219cb.sys [?]
                  S1 MpKslcf261482;MpKslcf261482;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{81A36EA3-D5B6-4B81-9E48-F2179236A830}\MpKslcf261482.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{81A36EA3-D5B6-4B81-9E48-F2179236A830}\MpKslcf261482.sys [?]
                  S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
                  S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 7:00 AM 14336]
                  S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  WINRM   REG_MULTI_SZ      WINRM
                  .
                  Contents of the 'Scheduled Tasks' folder
                  .
                  2012-01-07 c:\windows\Tasks\MP Scheduled Scan.job
                  - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uStart Page = hxxp://www.rr.com/
                  TCP: DhcpNameServer = 192.168.0.1
                  DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
                  .
                  - - - - ORPHANS REMOVED - - - -
                  .
                  Toolbar-Locked - (no file)
                  WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
                  HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  HKLM-Run-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
                  HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
                  SafeBoot-WudfPf
                  SafeBoot-WudfRd
                  AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
                  .
                  .
                  .
                  **************************************************************************
                  .
                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2012-01-06 19:23
                  Windows 5.1.2600 Service Pack 3 NTFS
                  .
                  scanning hidden processes ... 
                  .
                  scanning hidden autostart entries ...
                  .
                  scanning hidden files ... 
                  .
                  scan completed successfully
                  hidden files: 0
                  .
                  **************************************************************************
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------
                  .
                  - - - - - - - > 'explorer.exe'(3132)
                  c:\windows\system32\WININET.dll
                  c:\program files\Windows Desktop Search\deskbar.dll
                  c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
                  c:\program files\Windows Desktop Search\dbres.dll
                  c:\program files\Windows Desktop Search\wordwheel.dll
                  c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
                  c:\program files\Windows Desktop Search\msnlExtRes.dll
                  c:\windows\system32\msi.dll
                  c:\windows\system32\ieframe.dll
                  c:\windows\system32\webcheck.dll
                  c:\windows\system32\WPDShServiceObj.dll
                  c:\windows\system32\PortableDeviceTypes.dll
                  c:\windows\system32\PortableDeviceApi.dll
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
                  c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
                  c:\program files\Java\jre6\bin\jqs.exe
                  c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
                  c:\windows\system32\nvsvc32.exe
                  c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                  c:\windows\system32\SearchIndexer.exe
                  c:\windows\system32\ZuneBusEnum.exe
                  c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                  c:\windows\system32\wscntfy.exe
                  c:\windows\RTHDCPL.EXE
                  c:\windows\system32\RUNDLL32.EXE
                  c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
                  .
                  **************************************************************************
                  .
                  Completion time: 2012-01-06  19:26:10 - machine was rebooted
                  ComboFix-quarantined-files.txt  2012-01-07 00:26
                  .
                  Pre-Run: 126,399,516,672 bytes free
                  Post-Run: 127,193,780,224 bytes free
                  .
                  - - End Of File - - 56EB521DAF4C3BE450845D3D9861CC73

                  nasroo7

                    Re: No Internet Access after virus removal :(
                    « Reply #8 on: January 06, 2012, 05:52:03 PM »
                    I ran ComboFix a second time,
                    because the first time it suggested that, if my internet connection doesn't come back after rebooting, I should run ComboFix a second time.





                    ComboFix 12-01-06.03 - Annette 01/06/2012  19:45:01.2.2 - x86
                    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1790.1165 [GMT -5:00]
                    Running from: c:\documents and settings\Annette\Desktop\Commy.exe
                    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                    .
                    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                    .
                    .
                    (((((((((((((((((((((((((   Files Created from 2011-12-07 to 2012-01-07  )))))))))))))))))))))))))))))))
                    .
                    .
                    2012-01-07 00:41 . 2012-01-07 00:41   29904   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04870AE8-89D6-4D57-AB08-BBFF7794D987}\MpKslaf327d42.sys
                    2012-01-07 00:41 . 2012-01-07 00:41   56200   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04870AE8-89D6-4D57-AB08-BBFF7794D987}\offreg.dll
                    2012-01-07 00:41 . 2011-11-21 10:47   6823496   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04870AE8-89D6-4D57-AB08-BBFF7794D987}\mpengine.dll
                    2012-01-07 00:17 . 2008-04-13 20:18   52480   -c--a-w-   c:\windows\system32\dllcache\i8042prt.sys
                    2012-01-07 00:17 . 2008-04-13 20:18   52480   ----a-w-   c:\windows\system32\drivers\i8042prt.sys
                    2012-01-06 19:55 . 2004-08-04 03:31   20992   -c--a-w-   c:\windows\system32\dllcache\rtl8139.sys
                    2012-01-06 19:55 . 2004-08-04 03:31   20992   ----a-w-   c:\windows\system32\drivers\RTL8139.sys
                    2012-01-06 19:54 . 2012-01-06 19:54   --------   d-----w-   c:\windows\system32\wbem\Repository
                    2012-01-06 19:12 . 2008-04-13 19:39   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
                    2012-01-06 18:55 . 2008-04-13 19:39   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
                    2012-01-06 15:12 . 2001-08-17 18:48   12160   -c--a-w-   c:\windows\system32\dllcache\mouhid.sys
                    2012-01-06 15:12 . 2001-08-17 18:48   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
                    2012-01-06 15:12 . 2008-04-13 19:45   10368   -c--a-w-   c:\windows\system32\dllcache\hidusb.sys
                    2012-01-06 15:12 . 2008-04-13 19:45   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
                    2012-01-05 19:47 . 2012-01-05 19:47   --------   d-----w-   c:\documents and settings\Annette\Local Settings\Application Data\PCHealth
                    2012-01-05 18:00 . 2012-01-05 18:00   --------   d-----w-   c:\program files\Common Files\Java
                    2012-01-05 15:41 . 2012-01-05 16:18   --------   dc----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
                    2012-01-05 15:41 . 2012-01-05 17:42   --------   d-----w-   c:\program files\Spybot - Search & Destroy 2
                    2012-01-05 01:21 . 2012-01-05 01:21   --------   dc----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                    2012-01-04 22:06 . 2012-01-04 22:06   --------   d-----w-   c:\documents and settings\Annette\Application Data\Malwarebytes
                    2012-01-03 23:40 . 2012-01-03 23:40   --------   dc----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                    2012-01-03 23:40 . 2012-01-05 18:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                    2011-12-23 22:36 . 2008-04-13 19:45   32128   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
                    2011-12-23 22:36 . 2008-04-13 19:45   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
                    2011-12-18 22:26 . 2011-12-18 22:26   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2011-12-15 01:15 . 2011-05-18 00:55   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                    2011-11-23 13:25 . 2006-02-28 12:00   1859584   ----a-w-   c:\windows\system32\win32k.sys
                    2011-11-21 10:47 . 2011-10-20 13:04   6823496   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                    2011-11-15 19:29 . 2011-09-28 22:48   222080   ------w-   c:\windows\system32\MpSigStub.exe
                    2011-11-10 10:54 . 2010-06-21 13:06   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                    2011-11-10 08:27 . 2009-09-02 23:18   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                    2011-11-04 19:20 . 2006-02-28 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
                    2011-11-04 19:20 . 2006-02-28 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
                    2011-11-04 19:20 . 2006-02-28 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                    2011-11-04 11:23 . 2006-02-28 12:00   385024   ----a-w-   c:\windows\system32\html.iec
                    2011-11-01 16:07 . 2006-02-28 12:00   1288704   ----a-w-   c:\windows\system32\ole32.dll
                    2011-10-28 05:31 . 2006-02-28 12:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
                    2011-10-25 13:37 . 2006-02-28 12:00   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
                    2011-10-25 12:52 . 2004-08-03 22:59   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                    2011-10-18 11:13 . 2006-02-28 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
                    2011-10-10 14:22 . 2009-08-03 15:34   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                    .
                    .
                    (((((((((((((((((((((((((((((   SnapShot@2012-01-07_00.23.06   )))))))))))))))))))))))))))))))))))))))))
                    .
                    + 2012-01-07 00:40 . 2012-01-07 00:40   16384              c:\windows\Temp\Perflib_Perfdata_738.dat
                    .
                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
                    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
                    "USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
                    "RTHDCPL"="RTHDCPL.EXE" [2008-09-24 16859648]
                    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-21 111208]
                    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
                    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
                    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
                    .
                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
                    .
                    c:\documents and settings\All Users\Start Menu\Programs\Startup\
                    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
                    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
                    .
                    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
                    .
                    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
                    BootExecute   REG_MULTI_SZ      autocheck autochk *\0\0sdnclean.exe
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                    @="Service"
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                    @="Driver"
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                    @="Service"
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                    "SeaPort"=2 (0x2)
                    "BBSvc"=3 (0x3)
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                    "DisableNotifications"= 1 (0x1)
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                    "%windir%\\system32\\sessmgr.exe"=
                    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
                    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
                    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
                    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                    "1177:UDP"= 1177:UDP:Windows Media Format SDK (napster.exe)
                    "1176:UDP"= 1176:UDP:Windows Media Format SDK (napster.exe)
                    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
                    .
                    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/3/2009 10:58 AM 13696]
                    R1 MpKslaf327d42;MpKslaf327d42;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04870AE8-89D6-4D57-AB08-BBFF7794D987}\MpKslaf327d42.sys [1/6/2012 7:41 PM 29904]
                    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9/12/2011 7:42 AM 2214504]
                    S1 MpKsl607219cb;MpKsl607219cb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{095F5527-8ED3-4BFF-B87D-BFFD993E4B45}\MpKsl607219cb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{095F5527-8ED3-4BFF-B87D-BFFD993E4B45}\MpKsl607219cb.sys [?]
                    S1 MpKslcf261482;MpKslcf261482;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{81A36EA3-D5B6-4B81-9E48-F2179236A830}\MpKslcf261482.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{81A36EA3-D5B6-4B81-9E48-F2179236A830}\MpKslcf261482.sys [?]
                    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
                    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 7:00 AM 14336]
                    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
                    .
                    --- Other Services/Drivers In Memory ---
                    .
                    *NewlyCreated* - MPKSLAF327D42
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                    WINRM   REG_MULTI_SZ      WINRM
                    .
                    Contents of the 'Scheduled Tasks' folder
                    .
                    2012-01-07 c:\windows\Tasks\MP Scheduled Scan.job
                    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = hxxp://www.rr.com/
                    TCP: DhcpNameServer = 192.168.0.1
                    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
                    .
                    .
                    **************************************************************************
                    .
                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2012-01-06 19:49
                    Windows 5.1.2600 Service Pack 3 NTFS
                    .
                    scanning hidden processes ... 
                    .
                    scanning hidden autostart entries ...
                    .
                    scanning hidden files ... 
                    .
                    scan completed successfully
                    hidden files: 0
                    .
                    **************************************************************************
                    .
                    --------------------- DLLs Loaded Under Running Processes ---------------------
                    .
                    - - - - - - - > 'explorer.exe'(1420)
                    c:\windows\system32\WININET.dll
                    c:\program files\Windows Desktop Search\deskbar.dll
                    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
                    c:\program files\Windows Desktop Search\dbres.dll
                    c:\program files\Windows Desktop Search\wordwheel.dll
                    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
                    c:\program files\Windows Desktop Search\msnlExtRes.dll
                    c:\windows\system32\msi.dll
                    c:\windows\system32\ieframe.dll
                    c:\windows\system32\webcheck.dll
                    c:\windows\system32\WPDShServiceObj.dll
                    c:\windows\system32\PortableDeviceTypes.dll
                    c:\windows\system32\PortableDeviceApi.dll
                    .
                    Completion time: 2012-01-06  19:50:34
                    ComboFix-quarantined-files.txt  2012-01-07 00:50
                    ComboFix2.txt  2012-01-07 00:26
                    .
                    Pre-Run: 127,159,844,864 bytes free
                    Post-Run: 127,150,477,312 bytes free
                    .
                    - - End Of File - - 1CA2E61BA42B8E5C545FE63CF21C8790

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    Re: No Internet Access after virus removal :(
                    « Reply #9 on: January 06, 2012, 07:36:58 PM »
                    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

                    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
                    2. The fixes are specific to your problem and should only be used for this issue on this machine.
                    3. If you don't know or understand something, please don't hesitate to ask.
                    4. Please DO NOT run any other tools or scans while I am helping you.
                    5. It is important that you reply to this thread. Do not start a new topic.
                    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
                    7. Absence of symptoms does not mean that everything is clear.

                    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
                    ***************************************************************
                    Please download MiniToolBox to Desktop and run it.



                    Checkmark the following boxes:

                      • Flush DNS
                      • Report IE Proxy Settings
                      • Reset IE Proxy Settings
                      • List content of Hosts
                      • List IP Configuration
                      • List Last 10 Event Viewer Errors
                      • List Users, Partitions and Memory Size
                      Click Go and copy/paste the log (Result.txt) into your next post.
                      Windows 8 and Windows 10 dual boot with two SSD's

                      nasroo7

                        Re: No Internet Access after virus removal :(
                        « Reply #10 on: January 07, 2012, 12:07:56 PM »
                        Here it is.
                        I checked only the ones you told me, and left the others blank.



                        MiniToolBox by Farbar
                        Ran by Annette (administrator) on 07-01-2012 at 14:04:31
                        Microsoft Windows XP Professional Service Pack 3 (X86)
                        Boot Mode: Normal
                        ***************************************************************************

                        ========================= Flush DNS: ===================================


                        Windows IP Configuration



                        Successfully flushed the DNS Resolver Cache.


                        ========================= IE Proxy Settings: ==============================

                        Proxy is not enabled.
                        No Proxy Server is set.

                        "Reset IE Proxy Settings": IE Proxy Settings were reset.
                        ========================= Hosts content: =================================

                        127.0.0.1       localhost

                        ========================= IP Configuration: ================================

                        NVIDIA nForce 10/100 Mbps Ethernet  = Local Area Connection 3 (Media disconnected)
                        Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection 4 (Media disconnected)


                        # ----------------------------------
                        # Interface IP Configuration         
                        # ----------------------------------
                        pushd interface ip


                        # Interface IP Configuration for "Local Area Connection 4"

                        set address name="Local Area Connection 4" source=dhcp
                        set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
                        set wins name="Local Area Connection 4" source=dhcp

                        # Interface IP Configuration for "Local Area Connection 3"

                        set address name="Local Area Connection 3" source=dhcp
                        set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
                        set wins name="Local Area Connection 3" source=dhcp


                        popd
                        # End of interface IP configuration




                        Windows IP Configuration



                                Host Name . . . . . . . . . . . . : home-d8a73cbaee

                                Primary Dns Suffix  . . . . . . . :

                                Node Type . . . . . . . . . . . . : Broadcast

                                IP Routing Enabled. . . . . . . . : No

                                WINS Proxy Enabled. . . . . . . . : No



                        Ethernet adapter Local Area Connection 4:



                                Media State . . . . . . . . . . . : Media disconnected

                                Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

                                Physical Address. . . . . . . . . : 00-11-95-21-7D-32



                        Ethernet adapter Local Area Connection 3:



                                Media State . . . . . . . . . . . : Media disconnected

                                Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet #3

                                Physical Address. . . . . . . . . : 00-E0-4D-BC-AC-A6

                        Server:  UnKnown
                        Address:  127.0.0.1

                        Ping request could not find host google.com. Please check the name and try again.

                        Server:  UnKnown
                        Address:  127.0.0.1

                        Ping request could not find host yahoo.com. Please check the name and try again.

                        Server:  UnKnown
                        Address:  127.0.0.1

                        Ping request could not find host bleepingcomputer.com. Please check the name and try again.



                        Pinging 127.0.0.1 with 32 bytes of data:



                        Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

                        Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



                        Ping statistics for 127.0.0.1:

                            Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                        Approximate round trip times in milli-seconds:

                            Minimum = 0ms, Maximum = 0ms, Average = 0ms

                        ===========================================================================
                        Interface List
                        0x1 ........................... MS TCP Loopback interface
                        0x2 ...00 11 95 21 7d 32 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
                        0x3 ...00 e0 4d bc ac a6 ...... NVIDIA nForce Networking Controller #3 - Packet Scheduler Miniport
                        ===========================================================================
                        ===========================================================================
                        Active Routes:
                        Network Destination        Netmask          Gateway       Interface  Metric
                                127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1     1
                          255.255.255.255  255.255.255.255  255.255.255.255               3     1
                          255.255.255.255  255.255.255.255  255.255.255.255               2     1
                        ===========================================================================
                        Persistent Routes:
                          None

                        ========================= Event log errors: ===============================

                        Application errors:
                        ==================
                        Error: (01/07/2012 01:40:38 PM) (Source: MPSampleSubmission) (User: )
                        Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

                        Error: (01/06/2012 07:50:18 PM) (Source: MPSampleSubmission) (User: )
                        Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

                        Error: (01/06/2012 07:31:08 PM) (Source: MPSampleSubmission) (User: )
                        Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

                        Error: (01/06/2012 07:10:15 PM) (Source: JavaQuickStarterService) (User: )
                        Description: Unable to create JQS API server: socket() failed (Socket error 10044)

                        Error: (01/06/2012 05:55:02 PM) (Source: Windows Search Service) (User: )
                        Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

                        Context: Windows Application, SystemIndex Catalog

                        Error: (01/06/2012 04:55:41 PM) (Source: MPSampleSubmission) (User: )
                        Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

                        Error: (01/06/2012 04:45:42 PM) (Source: JavaQuickStarterService) (User: )
                        Description: Unable to create JQS API server: socket() failed (Socket error 10044)

                        Error: (01/06/2012 02:55:25 PM) (Source: Windows Search Service) (User: )
                        Description: The application cannot be initialized.

                        Context: Windows Application

                        Details:
                           The content index metadata cannot be read.   (0xc0041801)

                        Error: (01/06/2012 02:55:25 PM) (Source: Windows Search Service) (User: )
                        Description: The gatherer object cannot be initialized.

                        Context: Windows Application, SystemIndex Catalog

                        Details:
                           The content index metadata cannot be read.   (0xc0041801)

                        Error: (01/06/2012 02:55:25 PM) (Source: Windows Search Service) (User: )
                        Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

                        Context: Windows Application, SystemIndex Catalog

                        Details:
                           Element not found.   (0x80070490)


                        System errors:
                        =============
                        Error: (01/04/2012 05:04:35 PM) (Source: Service Control Manager) (User: )
                        Description: The Network Location Awareness (NLA) service terminated with the following error:
                        %%127

                        Error: (01/04/2012 05:00:36 PM) (Source: Service Control Manager) (User: )
                        Description: The Network Location Awareness (NLA) service terminated with the following error:
                        %%127

                        Error: (01/04/2012 04:59:10 PM) (Source: Service Control Manager) (User: )
                        Description: The Network Location Awareness (NLA) service terminated with the following error:
                        %%127

                        Error: (01/04/2012 04:59:10 PM) (Source: Service Control Manager) (User: )
                        Description: The Network Location Awareness (NLA) service terminated with the following error:
                        %%127

                        Error: (01/04/2012 04:59:10 PM) (Source: Service Control Manager) (User: )
                        Description: The Network Location Awareness (NLA) service terminated with the following error:
                        %%127

                        Error: (01/04/2012 04:59:10 PM) (Source: Service Control Manager) (User: )
                        Description: The Network Location Awareness (NLA) service terminated with the following error:
                        %%127

                        Error: (01/04/2012 04:59:10 PM) (Source: Service Control Manager) (User: )
                        Description: The Network Location Awareness (NLA) service terminated with the following error:
                        %%127

                        Error: (01/04/2012 04:59:10 PM) (Source: Service Control Manager) (User: )
                        Description: The MCSTRM service failed to start due to the following error:
                        %%2

                        Error: (01/04/2012 11:17:01 AM) (Source: Service Control Manager) (User: )
                        Description: The Network Location Awareness (NLA) service terminated with the following error:
                        %%127

                        Error: (01/04/2012 11:15:31 AM) (Source: Service Control Manager) (User: )
                        Description: The Network Location Awareness (NLA) service terminated with the following error:
                        %%127


                        Microsoft Office Sessions:
                        =========================
                        Error: (01/07/2012 01:40:38 PM) (Source: MPSampleSubmission)(User: )
                        Description: mptelemetry8024402cendsearchsearch3.0.8 402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

                        Error: (01/06/2012 07:50:18 PM) (Source: MPSampleSubmission)(User: )
                        Description: mptelemetry8024402cendsearchsearch3.0.8 402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

                        Error: (01/06/2012 07:31:08 PM) (Source: MPSampleSubmission)(User: )
                        Description: mptelemetry8024402cendsearchsearch3.0.8 402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

                        Error: (01/06/2012 07:10:15 PM) (Source: JavaQuickStarterService)(User: )
                        Description: Unable to create JQS API server: socket() failed (Socket error 10044)

                        Error: (01/06/2012 05:55:02 PM) (Source: Windows Search Service)(User: )
                        Description: Context: Windows Application, SystemIndex Catalog

                        Error: (01/06/2012 04:55:41 PM) (Source: MPSampleSubmission)(User: )
                        Description: mptelemetry80070424beginsearchsearch3.0 .8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

                        Error: (01/06/2012 04:45:42 PM) (Source: JavaQuickStarterService)(User: )
                        Description: Unable to create JQS API server: socket() failed (Socket error 10044)

                        Error: (01/06/2012 02:55:25 PM) (Source: Windows Search Service)(User: )
                        Description: Context: Windows Application

                        Details:
                           The content index metadata cannot be read.   (0xc0041801)

                        Error: (01/06/2012 02:55:25 PM) (Source: Windows Search Service)(User: )
                        Description: Context: Windows Application, SystemIndex Catalog

                        Details:
                           The content index metadata cannot be read.   (0xc0041801)

                        Error: (01/06/2012 02:55:25 PM) (Source: Windows Search Service)(User: )
                        Description: Context: Windows Application, SystemIndex Catalog

                        Details:
                           Element not found.   (0x80070490)
                        Search.TripoliIndexer


                        ========================= Memory info: ===================================

                        Percentage of memory in use: 33%
                        Total physical RAM: 1790.48 MB
                        Available physical RAM: 1184.63 MB
                        Total Pagefile: 3685.05 MB
                        Available Pagefile: 3188.34 MB
                        Total Virtual: 2047.88 MB
                        Available Virtual: 1972.57 MB

                        ========================= Partitions: =====================================

                        2 Drive c: () (Fixed) (Total:149.04 GB) (Free:118.42 GB) NTFS
                        3 Drive d: (Scan Tools) (CDROM) (Total:0.26 GB) (Free:0 GB) UDF

                        ========================= Users: ========================================

                        User accounts for \\HOME-D8A73CBAEE

                        Administrator            Annette                  ASPNET                   
                        Darren                   Guest                    HelpAssistant           
                        SUPPORT_388945a0         UpdatusUser             


                        **** End of log ****
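
A triage sketch for logs like the one in Reply #10, added here as an example (not part of the thread and not MiniToolBox's own code): it splits the log on its section banners and collects the connectivity indicators in one place. The sample log is constructed in the same layout, and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the MiniToolBox layout (shortened; not the poster's full log).
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.

========================= IP Configuration: ================================

Ethernet adapter Local Area Connection 4:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Local Area Connection 3:

        Media State . . . . . . . . . . . : Media disconnected

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

========================= Event log errors: ===============================

Error: (01/06/2012 07:10:15 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10044)

Error: (01/04/2012 05:04:35 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/04/2012 05:00:36 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127
"""

SECTION_RE = re.compile(r"^[ \t]*=+ (.+?): =+[ \t]*$", re.M)
WINSOCK = {"10044": "WSAESOCKTNOSUPPORT"}  # Winsock code seen in this log


def split_sections(log):
    """Map each '=== Name: ===' banner to the text that follows it."""
    marks = list(SECTION_RE.finditer(log))
    ends = [m.start() for m in marks[1:]] + [len(log)]
    return {m.group(1): log[m.end():end] for m, end in zip(marks, ends)}


def triage(log):
    """Summarise the connectivity indicators in one MiniToolBox log."""
    sec = split_sections(log)
    ipcfg, events = sec.get("IP Configuration", ""), sec.get("Event log errors", "")
    findings = []

    adapters = re.findall(r"^\s*Ethernet adapter (.+?):\s*$", ipcfg, re.M)
    down = re.findall(r"Media State[ .]*: Media disconnected", ipcfg)
    if adapters and len(down) == len(adapters):
        findings.append("all %d adapters report 'Media disconnected'" % len(adapters))

    resolvers = set(re.findall(r"^\s*Address:\s+(\S+)", ipcfg, re.M))
    if resolvers and all(r.startswith("127.") for r in resolvers):
        findings.append("name lookups were sent to loopback only: " + ", ".join(sorted(resolvers)))

    for code, n in sorted(Counter(re.findall(r"Socket error (\d+)", events)).items()):
        findings.append("socket error %s (%s) x%d" % (code, WINSOCK.get(code, "unmapped"), n))

    sources = Counter(re.findall(r"^\s*Error: \(.*?\) \(Source: (.+?)\)\s*\(User:", events, re.M))
    failed = re.findall(r"could not find host (\S+)\. ", ipcfg)
    return {"findings": findings, "failed_lookups": failed, "errors_by_source": dict(sources)}
```

On a full log, the "Microsoft Office Sessions" block repeats the application errors, so the per-source and socket-error counts include those repeats.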

                        SuperDave

                        Re: No Internet Access after virus removal :(
                        « Reply #11 on: January 07, 2012, 07:10:35 PM »
                        Did you try resetting your modem? Disconnect the power supply for at least 30 secs.

                        •Please download Dial-A-Fix from one of the following mirrors:

                        Primary mirror
                        Secondary mirror

                        •Extract the zip file to your desktop.

                        •Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors; just ignore them and click to continue.

                        •Press the green double checkmark box (looks like this: [image]).

                        UNcheck Empty Temp Folders, as well as Adjust Time/Date, in the prep section. The prep section should then look like this: [image]

                        •Click on Go

                        •Wait for Dial-A-Fix to finish (all the check marks will be gone)

                        •Close Dial-A-Fix
                        Windows 8 and Windows 10 dual boot with two SSD's

                        nasroo7

                          Re: No Internet Access after virus removal :(
                          « Reply #12 on: January 07, 2012, 08:35:33 PM »
                          I didn't reset the modem.
                          The reason was because I connected 3 computers on the same modem, and they were all working fine. Except for this one.

                          SuperDave

                          Re: No Internet Access after virus removal :(
                          « Reply #13 on: January 08, 2012, 10:51:13 AM »
                          Quote
                          I didn't reset the modem.
                          The reason was because I connected 3 computers on the same modem, and they were all working fine. Except for this one.
                          I thought about that this morning. Sorry. Did you try Dial-A-Fix?
                          Windows 8 and Windows 10 dual boot with two SSD's

                          nasroo7

                            Re: No Internet Access after virus removal :(
                            « Reply #14 on: January 09, 2012, 07:47:10 AM »
                            Hi,

                            After I clicked on GO, it was doing its job, and I had error messages:

                            "Error 127: C:\windows\system32\iesetup.dll is not registrable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            "Error 127: C:\windows\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            "Error 127: C:\windows\system32\imgulti.dll is not registrable or the file is corrupted. Your version of imgulti.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            "Error 127: C:\windows\system32\inseng.dll is not registrable or the file is corrupted. Your version of inseng.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            "Error 127: C:\windows\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Your version of inseng.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            "Error 127: C:\windows\system32\mshtml.dll is not registrable or the file is corrupted. Your version of mshtml.dll is: 8.00.6001.19170. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            "Error 127: C:\windows\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Your version of mshtml.dll is: 8.00.6001.19170. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            "Error 127: C:\windows\system32\msrating.dll is not registrable or the file is corrupted. Your version of msrating.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            "Error 127: C:\windows\system32\occache.dll is not registrable or the file is corrupted. Your version of occache.dll is: 8.00.6001.19165. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            "Error 127: C:\windows\system32\occache.dll is not DLLInstall-able or the file is corrupted. Your version of occache.dll is: 8.00.6001.19165. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            "Error 127: C:\windows\system32\pngfilt.dll is not DLLInstall-able or the file is corrupted. Your version of pngfilt.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            "Error 127: C:\windows\system32\webcheck.dll is not registrable or the file is corrupted. Your version of webcheck.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            "Error 127: C:\windows\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Your version of webcheck.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

                            Quote
                            •Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot of errors; just ignore them and click to continue.

                            Quote
                            •Click on Go

                            •Wait for Dial-A-Fix to finish (all the check marks will be gone)

                            •Close Dial-A-Fix

                            I did have one error message when I executed Dial-A-Fix.exe, so I ignored it and clicked on OK, as you told me.
                            But when you told me about the error messages, I was kinda confused whether you meant that I should ignore only the ones after I execute Dial-A-Fix.exe, or all of them (after I click on GO also).
                            So, here are the error messages I had after "GO".