daveusmc

My Network Connections Folder is empty. Can't connect to the net. Antivirus/Firewall somehow disabled along with my Sound Control Panel...No sound.


Hi,

Just a couple of days ago I noticed that my Antivirus and Firewall got disabled; at the same time my Creative Labs Sound Control Panel is disabled and no sound. Can't get it to work. My "Network Connections Folder" [icons are gone] yet files are set "not to be hidden". This all happened at the same time now.

I can't connect to the internet. Can't enable any of these items. Uninstall/reinstall didn't make a difference to any above mentioned items. I went into Safe Mode to run Malwarebytes and McAfee, as I typically do. I re-booted with absolutely no bad files found with either programs. I'm clean. What could be going on here?

When I re-booted, I also noticed my Administrator Account came up-NOT NORMAL HERE- along with my others I have for that extra protection, in case my password gets wiped out from malware or something. Now, I do have a second HD with Win XP Home SP3 installed as well; so at this point I'm able to email and get support, upload my scan logs, etc.

I have HJ [Hijack This] installed as well. Any other info you may need I will get for you. I'm running Win XP Home w/ SP3 with all updates current.

I uploaded my MB log and was told it was clean. I was then "referred" to the PC Help section for advice. This still sounds like a malware problem to me, but I'm taking their advice and asking you for help. I don't want to reformat.

Regards,

DJ


Hello daveusmc:

These are typical symptoms of infection. Please read and follow the instructions in "I'm infected - What do I do now?" An Expert will assist you in the removal process.

Alternatively, as a paying customer, you can contact the Help Desk

Should you have any other question(s) please post back using MXyBj.png button

"c:\\Program Files\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=

"c:\\Program Files\\Windows Defender\\MSASCui.exe"=

"c:\\Program Files\\IObit\\IObit Security 360\\is360.exe"=

"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

You were sent out of the malware removal forum without a full computer scan - You only had a Malware scan -

Please remove all other Security programs except for one antivirus program (Avira Antivir or Microsoft Security Essentials{the 2 preferred}) -

Next remove all of the other scanner programs except for Malwarebytes -

This should be done via Add/Remove in Control panel - Also the Bit Torrent program needs to be removed Fully -

If you still have any parts of the Roger Wilko program installed , then fully remove these also -

If you have WoW installed , also remove this program fully -

Please post back after you have done this -

If you can not uninstall any programs , please use RA Products Uninstallers and find the relevant remover -

Or you can use Revo Uninstaller (Free) , Live link is in my signature below - You should be able to place the removers on a stick or CD -

Thank You -


Please run and post back the logs

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

  • When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply: DDS.txt and Attach.txt

I would also like to check and confirm that your copy of Windows is authentic

Please download this from Microsoft and run it on your computer

Filename = MGADiag.exe

http://go.microsoft.com/fwlink/?linkid=52012

Press "Copy to clipboard" and post the results here please.


I'd like to see the DDS logs that Ron requested but it sounds like the drivers for your sound and network adapters may have gotten corrupted and/or deleted... In addition to Ron's instructions, please do the following:

  1. Click the Start Menu
  2. Click Run...
  3. Type in compmgmt.msc and click Ok
  4. In the left window pane, single left-click Device Manager

In the right window pane, do you see anything with a red "X" or yellow triangle with a black "!" icon?

Regards,

Keith


Ok, so I can't keep my McAfee or AVG anymore? I'm following your instructions here, but c: drive is infected and I can't get to the net-on c: I have McAfee AV. I'm supposed to remove them for good?

I'm working from d: drive -the good one - and have Grisoft's AVG on it. Have been using AVG for many years-so I dump it? My other programs: AdAware, Spybot, SpywareBlaster-this doesn't scan-, HJ This, Rogue Remover, IO Bit Security and ALL need to go? Just making sure now before I do the uninstalls on here. You also want me to download Avira and use this for AV protection instead of the other two I mentioned?

Thanks,

DJ


Ok, I went ahead and removed ALL that you mentioned and some extras I thought I should get rid of. Bit Torrent is gone and my registry is clean of it...I think. Was MIRO a problem? It's gone but I'd like to run it later. Got rid of anything I could think of that scans; how about CNET Tracker? It's gone at any rate.

Dumped McAfee and installed Avira's current AV w/ updates.

Now as far as the DDS.txt and Attach.exe logs-should I give them to AdvancedSetup as he requested? I've all the tools for everything on this clean-up from before on cd as well. I'll just wait for your reply.

I have the MGADiag.exe for him as well. Didn't run anything at this point.

Thank You!


Dave,

Follow the instructions that Ron (AdvancedSetup) gave you. Post the DDS and Attach.txt in your next reply as well as the results from running MGADiag.exe

Regards,

Keith

Ok, so I can't keep my McAfee or AVG anymore?
Sorry if this upset anything , but I was just trying to isolate the problem - You had listed 2 A/virus programs so I only wanted you to clear things up -

All programs I asked you to remove can always be replaced once we clean the problem up -

Please follow the DDS logs request so they can fully review your installed programs etc. -

Thank You -

PLEASE use ADD REPLY Tab at the bottom of the page so the Full answer is not always repeated in your response -


@ daveusmc

Please run and post back the logs as AdvancedSetup requested

you can post them back in the Malware Removal Forum http://forums.malwarebytes.org/index.php?s...mp;#entry324807

The above link will take you back to where you left off in Malware Removal right to your link


Here are the DDS logs.

DDS (Ver_10-10-05.01) - NTFSx86

Run by DAVE at 22:22:03.82 on Sun 10/17/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1393 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Skyhook Wireless\Wi-Fi Driver\WPSScannerSvc.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Creative\SBAudigy2\Calibrator\SpkrCal.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\DAVE\Desktop\Malware Removal Tools\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Nexus Radio Toolbar: {2462d2d8-b36e-44ab-84bf-c5a9383d2429} - c:\program files\nexus_radio\tbNexu.dll

BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll

TB: Nexus Radio Toolbar: {2462d2d8-b36e-44ab-84bf-c5a9383d2429} - c:\program files\nexus_radio\tbNexu.dll

TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll

TB: {C17590D2-ECB4-4B15-8820-F58798DCC118} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe

mRun: [hplampc] c:\windows\system32\hplampc.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe

mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [CTHelper] CTHELPER.EXE

mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\yahoo! autosync\AutosyncForYahoo.exe

IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237662207234

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\tpgzersa.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-17 11608]

R1 mfehidk;mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214664]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-17 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-17 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-17 60936]

R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-4-23 91456]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 Auto File Backup Service;AutoBAUP Service;c:\program files\autobaup\autobaup.exe --> c:\program files\autobaup\AutoBAUP.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-12 135664]

S2 IS360service;IS360service; [x]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]

S3 cpuz132;cpuz132;\??\c:\docume~1\dave\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\dave\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-9-22 79360]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]

S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2008-9-22 9312]

S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2010-9-9 49377]

S3 mfeavfk;mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-21 79816]

S3 mfebopk;mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-21 35272]

S3 mferkdk;mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-21 34248]

S3 mfesmfk;mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-21 40552]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-4-9 42752]

S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]

=============== Created Last 30 ================

2010-10-17 22:19:36 -------- d-----w- c:\docume~1\dave\applic~1\Avira

2010-10-17 22:16:23 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-17 22:16:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-10-17 22:16:20 -------- d-----w- c:\program files\Avira

2010-10-15 20:50:52 418632 ----a-r- c:\windows\system32\drivers\etc\hosts.20101015-165052.backup

2010-10-15 20:14:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-15 20:14:39 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-05 19:14:23 42 ----a-w- c:\documents and settings\dave\default.pls

2010-09-25 23:06:52 -------- d-----w- c:\program files\Microsoft

2010-09-25 23:06:48 -------- d-----w- c:\program files\MSN Toolbar

2010-09-25 23:06:03 -------- d-----w- c:\program files\MSN Toolbar Installer

2010-09-25 22:42:29 -------- d-----w- c:\program files\Winamp Detect

2010-09-25 22:38:16 266360 ----a-w- c:\windows\system32\TweakUI.exe

2010-09-22 20:00:14 -------- d-----w- c:\program files\common files\Creative

2010-09-22 20:00:11 -------- d--h--w- c:\program files\Creative Installation Information

2010-09-22 19:26:42 7062 ----a-w- c:\windows\system32\audiopid.vxd

2010-09-22 19:26:25 -------- d-----w- c:\program files\common files\Creative Labs Shared

2010-09-20 20:04:35 -------- d-----w- c:\docume~1\dave\locals~1\applic~1\Powercinema

2010-09-20 19:56:26 -------- d-----w- c:\program files\Dell

2010-09-20 04:37:13 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2010-09-20 04:14:52 90112 ------w- c:\windows\Updreg.EXE

2010-09-20 04:14:52 53552 ------w- c:\windows\CTCCW.DLL

2010-09-20 04:14:52 24976 ------w- c:\windows\CTRES.DLL

2010-09-20 04:14:51 84992 ------w- c:\windows\system32\SFCVRT32.DLL

2010-09-20 04:14:50 82432 ------w- c:\windows\system32\CTWFLT32.DLL

2010-09-20 04:14:50 54784 ------w- c:\windows\system32\INETWH32.DLL

2010-09-20 04:14:50 26768 ------w- c:\windows\system32\CTL3D.DLL

2010-09-20 04:12:33 77824 ----a-w- c:\windows\system32\ctdvda32.dll

2010-09-20 04:12:22 12288 ----a-w- c:\windows\system32\AHQCpURes.dll

2010-09-20 04:12:21 32768 ----a-w- c:\windows\system32\AudioHQU.cpl

2010-09-20 04:09:13 62976 ----a-w- c:\windows\system32\CTDetres.dll

2010-09-20 04:09:12 44032 ----a-w- c:\windows\system32\CTSVCCDA.EXE

2010-09-20 04:09:07 331776 ------w- c:\windows\system32\CTMEDENG.DLL

2010-09-20 04:09:05 24576 ----a-w- c:\windows\system32\CTMERes.DLL

2010-09-20 04:09:05 139264 ----a-w- c:\windows\system32\Video.skn

2010-09-20 00:17:59 25088 ------w- c:\windows\system32\CTSVCCTL.EXE

2010-09-18 21:46:21 418632 ----a-r- c:\windows\system32\drivers\etc\hosts.20100918-174621.backup

2010-09-18 19:19:25 27 ----a-w- c:\windows\system32\drivers\etc\hosts.20100918-151925.backup

==================== Find3M ====================

2010-09-22 19:25:25 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-05 22:02:32 871040 ----a-w- c:\windows\system32\drivers\iaStor.sys

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-30 19:33:48 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39:50 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-08-13 04:34:14 459112 ----a-w- c:\program files\Miro_Installer.exe

============= FINISH: 22:23:03.78 ===============


Sorry - Here's my MGADiag Report.

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Status: Genuine

Validation Code: 0

Cached Validation Code: N/A

Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT

Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=

Windows Product ID: 76477-OEM-2111907-00102

Windows Product ID Type: 2

Windows License Type: OEM SLP

Windows OS version: 5.1.2600.2.00010300.3.0.hom

ID: {D70FC686-F359-4BE4-AC73-BA6C862437E5}(1)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: Registered, 1.9.9.1

Signed By: Microsoft

Product Name: N/A

Architecture: N/A

Build lab: N/A

TTS Error: N/A

Validation Diagnostic: 025D1FF3-230-1

Resolution Status: N/A

Vista WgaER Data-->

ThreatID(s): N/A

Version: N/A

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->

Office Status: 109 N/A

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 025D1FF3-230-1

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE; Win32)

Default Browser: C:\Program Files\Internet Explorer\iexplore.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{592752C7-DC26-457A-99F1-020D0D01CCED}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-682003330-1647877149-2147331303</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dimension XPS </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A07</Version><SMBIOSVersion major="2" minor="3"/><Date>20050715000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>990330970184E073</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->

N/A

Windows Activation Technologies-->

N/A

HWID Data-->

N/A

OEM Activation 1.0 Data-->

BIOS string matches: yes

Marker string from BIOS: 1AD9D:Dell Inc|1AD9D:Microsoft Corporation

Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->

N/A

I'd like to see the DDS logs that Ron requested but it sounds like the drivers for your sound and network adapters may have gotten corrupted and/or deleted... In addition to Ron's instructions, please do the following:

  1. Click the Start Menu
  2. Click Run...
  3. Type in compmgmt.msc and click Ok
  4. In the left window pane, single left-click Device Manager

In the right window pane, do you see anything with a red "X" or yellow triangle with a black "!" icon?

Regards,

Keith

---------------------------------------------------------------------------------------------------------------------------------------------

Here's my DDS Rpt.

DDS (Ver_10-10-05.01) - NTFSx86

Run by DAVE at 22:22:03.82 on Sun 10/17/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1393 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Skyhook Wireless\Wi-Fi Driver\WPSScannerSvc.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Intellisync\PushSyncService\PushSyncService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Creative\SBAudigy2\Calibrator\SpkrCal.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\DAVE\Desktop\Malware Removal Tools\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Nexus Radio Toolbar: {2462d2d8-b36e-44ab-84bf-c5a9383d2429} - c:\program files\nexus_radio\tbNexu.dll

BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll

TB: Nexus Radio Toolbar: {2462d2d8-b36e-44ab-84bf-c5a9383d2429} - c:\program files\nexus_radio\tbNexu.dll

TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll

TB: {C17590D2-ECB4-4B15-8820-F58798DCC118} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe

mRun: [hplampc] c:\windows\system32\hplampc.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe

mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [CTHelper] CTHELPER.EXE

mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\yahoo! autosync\AutosyncForYahoo.exe

IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237662207234

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\tpgzersa.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-17 11608]

R1 mfehidk;mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214664]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-17 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-17 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-17 60936]

R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-4-23 91456]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 Auto File Backup Service;AutoBAUP Service;c:\program files\autobaup\autobaup.exe --> c:\program files\autobaup\AutoBAUP.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-12 135664]

S2 IS360service;IS360service; [x]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]

S3 cpuz132;cpuz132;\??\c:\docume~1\dave\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\dave\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-9-22 79360]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]

S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2008-9-22 9312]

S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2010-9-9 49377]

S3 mfeavfk;mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-21 79816]

S3 mfebopk;mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-21 35272]

S3 mferkdk;mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-21 34248]

S3 mfesmfk;mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-21 40552]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-4-9 42752]

S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]

=============== Created Last 30 ================

2010-10-17 22:19:36 -------- d-----w- c:\docume~1\dave\applic~1\Avira

2010-10-17 22:16:23 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-17 22:16:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-10-17 22:16:20 -------- d-----w- c:\program files\Avira

2010-10-15 20:50:52 418632 ----a-r- c:\windows\system32\drivers\etc\hosts.20101015-165052.backup

2010-10-15 20:14:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-15 20:14:39 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-05 19:14:23 42 ----a-w- c:\documents and settings\dave\default.pls

2010-09-25 23:06:52 -------- d-----w- c:\program files\Microsoft

2010-09-25 23:06:48 -------- d-----w- c:\program files\MSN Toolbar

2010-09-25 23:06:03 -------- d-----w- c:\program files\MSN Toolbar Installer

2010-09-25 22:42:29 -------- d-----w- c:\program files\Winamp Detect

2010-09-25 22:38:16 266360 ----a-w- c:\windows\system32\TweakUI.exe

2010-09-22 20:00:14 -------- d-----w- c:\program files\common files\Creative

2010-09-22 20:00:11 -------- d--h--w- c:\program files\Creative Installation Information

2010-09-22 19:26:42 7062 ----a-w- c:\windows\system32\audiopid.vxd

2010-09-22 19:26:25 -------- d-----w- c:\program files\common files\Creative Labs Shared

2010-09-20 20:04:35 -------- d-----w- c:\docume~1\dave\locals~1\applic~1\Powercinema

2010-09-20 19:56:26 -------- d-----w- c:\program files\Dell

2010-09-20 04:37:13 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2010-09-20 04:14:52 90112 ------w- c:\windows\Updreg.EXE

2010-09-20 04:14:52 53552 ------w- c:\windows\CTCCW.DLL

2010-09-20 04:14:52 24976 ------w- c:\windows\CTRES.DLL

2010-09-20 04:14:51 84992 ------w- c:\windows\system32\SFCVRT32.DLL

2010-09-20 04:14:50 82432 ------w- c:\windows\system32\CTWFLT32.DLL

2010-09-20 04:14:50 54784 ------w- c:\windows\system32\INETWH32.DLL

2010-09-20 04:14:50 26768 ------w- c:\windows\system32\CTL3D.DLL

2010-09-20 04:12:33 77824 ----a-w- c:\windows\system32\ctdvda32.dll

2010-09-20 04:12:22 12288 ----a-w- c:\windows\system32\AHQCpURes.dll

2010-09-20 04:12:21 32768 ----a-w- c:\windows\system32\AudioHQU.cpl

2010-09-20 04:09:13 62976 ----a-w- c:\windows\system32\CTDetres.dll

2010-09-20 04:09:12 44032 ----a-w- c:\windows\system32\CTSVCCDA.EXE

2010-09-20 04:09:07 331776 ------w- c:\windows\system32\CTMEDENG.DLL

2010-09-20 04:09:05 24576 ----a-w- c:\windows\system32\CTMERes.DLL

2010-09-20 04:09:05 139264 ----a-w- c:\windows\system32\Video.skn

2010-09-20 00:17:59 25088 ------w- c:\windows\system32\CTSVCCTL.EXE

2010-09-18 21:46:21 418632 ----a-r- c:\windows\system32\drivers\etc\hosts.20100918-174621.backup

2010-09-18 19:19:25 27 ----a-w- c:\windows\system32\drivers\etc\hosts.20100918-151925.backup

==================== Find3M ====================

2010-09-22 19:25:25 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-05 22:02:32 871040 ----a-w- c:\windows\system32\drivers\iaStor.sys

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-30 19:33:48 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39:50 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-08-13 04:34:14 459112 ----a-w- c:\program files\Miro_Installer.exe

============= FINISH: 22:23:03.78 ===============


I have 2 question marks in the yellow/black. They are:

Other Device Drivers

Mass Storage Controller

Sorry if this upset anything, but I was just trying to isolate the problem - You had listed 2 A/virus programs so I only wanted you to clear things up -

All programs I asked you to remove can always be replaced once we clean the problem up -

Please follow the DDS logs request so they can fully review your installed programs etc. -

Thank You -

PLEASE use ADD REPLY Tab at the bottom of the page so the Full answer is not always repeated in your response -

That's ok. I'm stripped of all Spyware programs. I'm good!


@ daveusmc

OK Dave, I sent a PM to an admin, to let him know you posted logs. Check in Later/Monday+ to see any replies.

thanks for posting them, they need to be looked over.... regards..

@ daveusmc

OK Dave, I sent a PM to an admin, to let him know you posted logs. Check in Later/Monday+ to see any replies.

thanks for posting them, they need to be looked over.... regards..

Ok. Hope everybody got the correct uploads. TTYL

Thank You!


Hi -

Have you run a Check Disk scan for a while - Copy/paste this code into Run Box and press enter - Close ALL programs first as this code will reboot your system and take at least 45 mins to run on your system - So be very patient as it performs a full 5 stage check on your system -

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

This is another item to perform while the logs are still being checked -

Thank You -


Yes. I've run both when this problem came up: well, defrag before the problem. Same problem after. The missing Connections folder is very consistent with a virus. I've seen this before and read about it in these forums.

Thank You


I see. But exactly what does Dial Fix do to my pc? Do you endorse it?


@ daveusmc -

Can you please stop quoting the full responses each time - Please use the ADD REPLY Tab at the bottom of the page (under the Reply Tab) -

It takes ages to read 1 item - You can do what I have done and list the screen name of the person that you are referring to -

Dial-a-fix By DjLizard (hereafter known as "DAF") is a collection of known fixes gleaned from Microsoft Knowledgebase articles, Microsoft MVPs, and other important support forums, that will assist you in repairing problems with your system. Although this tool is ordinarily meant for power users, technicians, and administrators, it is quite safe to use even without technical guidance (although guidance is recommended). Simply choose the solutions you wish to apply via checkmarks, and click GO. There are other buttons and tools present on the main dialog as well, such as the policy scanner. All tools and checkmarks identify their purpose when you mouse over them.

Thank You -


I didn't write the program but basically it takes and unregisters many dll files and then reregisters them to correct potential issues in the registry.

Sorry but I don't really have any other suggestions except maybe an in-place rebuild of the OS.


This Link is to drivers for Creative Labs sound controls - It may pay to follow it through for the updated sound drivers you will need for your system -

Do not forget the item from AdvancedSetup is to be run first -

- Just an extra idea -

  • Open Control Panel and select Internet Options see if a Home page is listed in the open box (Make it http://www.google.com) rather than Yahoo
  • Next - Click on the Connections tab
  • Click on the LAN settings button
  • Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it
  • Click on the OK button to close the Local Area Network (LAN) Settings window
  • Click on the OK button to close the Internet Options window
  • Use this diagram as a guide
  • Try connecting to the Internet again or see if there is an item under Network Connections -

Next go to RA Products Uninstallers and use the [15] IObit > uninstaller to remove the Toolbar and remaining parts of the program -

This topic is now closed to further replies.
