
DHCP Error 1075 Cont.

Discussion in 'Virus & Other Malware Removal' started by Squish1971, Mar 24, 2012.

Thread Status:
Not open for further replies.
  1. Squish1971

    Squish1971 Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    17
    I have read through the original thread (now closed) and tried all its suggestions. However, I am still having the same IP (or lack of) issues. I ended my efforts with the running of SFC /SCANNOW, which took a considerable amount of time but resulted in no errors of any kind.

    I continue to get the Error 1075: the dependency service does not exist or has been marked for deletion, message when trying to start the DHCP Client.

    I'm afraid searching the suggested logs for the dependency items is a little over my head.

    A little background for my situation. The computer in question is my teenage daughter's. A week ago she started having problems with the internet and I'm assuming this is some sort of virus. Whenever selecting a website to launch to, something intervenes and chooses some alternate website. Never the same one twice. I loaded AVAST free version and did a scan. I also updated Malwarebytes and did another scan. I then loaded Kaspersky TDSSKiller and did a scan with that. After all that, and roughly 15 files quarantined and deleted, I now have this IP problem. I cannot restore the computer back to an earlier time.

    Help would be greatly appreciated!
     
  2. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    64,875
    First Name:
    Wayne
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    I'd be happy to help once you post the requested logs mentioned by etaf.
     
  4. Squish1971

    Squish1971 Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    17
    I tried to attach a word document that shows the Hijack results.

    Let's see if this works.
     


  5. Squish1971

    Squish1971 Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    17
    I'm not sure how to ZIP something so I just attached both files. They were small so hopefully these will help.
     


  6. Squish1971

    Squish1971 Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    17
    This should be the final step. If I have missed something or done something incorrectly please let me know and I will do it again. Because the subject computer has no IP address I have to transfer all files to a flash drive then post them here on a separate pc.

    Thanks
     

    Attached Files:

    • ark.txt
      File size:
      2.6 KB
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    I'm going to post all of the logs in the thread for easier reference. In the future, please only attach logs if requested to do so.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by cheryllo at 12:44:19 on 2012-03-25
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.592 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\ofps.exe
    svchost.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\OpenVPN\bin\openvpn-gui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Facebook Update] "c:\documents and settings\cheryllo\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [openvpn-gui] c:\program files\openvpn\bin\openvpn-gui.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    uPolicies-disallowrun: 1 = sol.exe
    uPolicies-disallowrun: 2 = freecell.exe
    uPolicies-disallowrun: 3 = mshearts.exe
    uPolicies-disallowrun: 4 = winmine.exe
    uPolicies-disallowrun: 5 = spider.exe
    IE: &Search - http://tbedits.smileycentral.com/on...7A47-753A-46B5-8FF7-D3E57727BCD0&n=2010120306
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
    DPF: {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} - hxxp://ni-us.demoservers.com/URA/URA/lib/LocalProxyActiveX.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    DPF: {4EDCB26C-D24C-4E72-AF07-B576699AC0DE} - hxxp://ni-us.demoservers.com/URA/URA/lib/srdp.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} - hxxp://plugin.fileopen.com/current/FileOpen.CAB
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://deere.webex.com/client/T26L10NSP49EP24-deere/webex/ieatgpc.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{B5E4E63D-6A2C-44BE-BFBD-DC8289640192} : DhcpNameServer = 192.168.2.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    Notify: igfxcui - igfxdev.dll
    Notify: NecUsb3Sevices - USB3Sw32.dll
    Notify: USB3Sw32 - USB3Sw32.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\cheryllo\application data\mozilla\firefox\profiles\pu7n6f11.default\
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll
    FF - plugin: c:\program files\smileycentral_1v\bar\2.bin\NP1vStub.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-23 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-23 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-23 20696]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-23 44768]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S2 NecUsb3;USB3 Service;c:\windows\system32\svchost.exe -k NecUsb3Sevic [2004-8-11 14336]
    S2 NetworkLog;NetworkLog;c:\windows\svcs.exe --> c:\windows\svcs.exe [?]
    S2 SkypeUpdate;Skype Updater;"c:\program files\skype\updater\updater.exe" --> c:\program files\skype\updater\Updater.exe [?]
    S2 SmileyCentral_1vService;SmileyCentral Service;c:\progra~1\smiley~2\bar\2.bin\1vbarsvc.exe [2011-3-24 36864]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\HPx9G2k.sys [2007-9-20 12658]
    S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2007-6-6 131776]
    S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
    .
    =============== Created Last 30 ================
    .
    2012-03-25 02:37:09 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2012-03-25 02:37:04 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2012-03-25 02:37:03 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2012-03-25 02:36:59 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2012-03-25 02:36:54 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2012-03-25 02:36:24 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
    2012-03-25 02:36:18 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
    2012-03-25 02:36:17 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2012-03-25 02:36:10 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
    2012-03-25 02:36:09 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2012-03-25 02:36:07 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
    2012-03-25 02:35:45 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
    2012-03-25 02:35:36 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
    2012-03-25 02:35:32 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2012-03-25 02:35:20 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
    2012-03-25 02:35:14 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
    2012-03-25 02:35:10 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
    2012-03-25 02:35:08 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
    2012-03-25 02:35:08 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
    2012-03-25 02:35:02 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
    2012-03-25 02:35:01 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
    2012-03-25 02:33:55 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
    2012-03-25 02:32:57 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
    2012-03-25 02:32:52 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
    2012-03-25 02:32:48 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
    2012-03-25 02:32:43 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
    2012-03-25 02:32:39 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
    2012-03-25 02:32:35 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
    2012-03-25 02:32:30 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
    2012-03-25 02:32:25 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
    2012-03-25 02:32:20 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
    2012-03-25 02:32:19 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
    2012-03-25 02:32:12 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
    2012-03-25 02:32:07 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
    2012-03-25 02:32:03 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
    2012-03-25 02:30:58 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
    2012-03-25 02:29:59 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
    2012-03-25 02:28:57 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
    2012-03-25 02:27:57 28160 ----a-w- c:\windows\system32\dllcache\sm91w.dll
    2012-03-25 02:26:58 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2012-03-25 02:25:55 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
    2012-03-25 02:24:58 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
    2012-03-25 02:23:58 3328 ----a-w- c:\windows\system32\dllcache\qv2kux.sys
    2012-03-25 02:22:59 19840 ----a-w- c:\windows\system32\dllcache\philtune.sys
    2012-03-25 02:21:57 44544 ----a-w- c:\windows\system32\dllcache\ovui2.dll
    2012-03-25 02:20:57 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
    2012-03-25 02:19:59 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
    2012-03-25 02:18:54 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
    2012-03-25 02:18:53 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
    2012-03-25 02:18:47 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
    2012-03-25 02:18:36 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
    2012-03-25 02:18:34 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
    2012-03-25 02:18:33 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
    2012-03-25 02:18:23 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
    2012-03-25 02:18:19 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
    2012-03-25 02:18:17 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
    2012-03-25 02:16:59 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
    2012-03-25 02:15:59 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll
    2012-03-25 02:14:59 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
    2012-03-25 02:13:58 26624 ----a-w- c:\windows\system32\dllcache\icam3ext.dll
    2012-03-25 02:12:58 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
    2012-03-25 02:11:57 119296 ----a-w- c:\windows\system32\dllcache\hpdigwia.dll
    2012-03-25 02:10:57 441728 ----a-w- c:\windows\system32\dllcache\fpcmbase.sys
    2012-03-25 02:09:59 595647 ----a-w- c:\windows\system32\dllcache\es56cvmp.sys
    2012-03-25 02:08:58 19594 ----a-w- c:\windows\system32\dllcache\e100isa4.sys
    2012-03-25 02:07:59 65622 ----a-w- c:\windows\system32\dllcache\digiasyn.dll
    2012-03-25 02:06:59 60970 ----a-w- c:\windows\system32\dllcache\cpqtrnd5.sys
    2012-03-25 02:05:43 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2012-03-25 02:04:59 26880 ----a-w- c:\windows\system32\dllcache\atirtsnd.sys
    2012-03-25 02:03:58 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
    2012-03-25 02:03:46 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
    2012-03-25 02:03:29 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
    2012-03-25 02:03:29 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
    2012-03-25 02:03:28 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
    2012-03-25 02:03:27 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
    2012-03-25 02:03:26 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
    2012-03-25 02:03:25 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
    2012-03-24 14:21:46 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-24 03:05:24 -------- d-----w- c:\documents and settings\cheryllo\application data\Malwarebytes
    2012-03-24 01:11:32 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-24 01:07:32 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-24 01:05:47 -------- d-----w- c:\program files\AVAST Software
    2012-03-24 01:05:47 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2012-03-24 00:04:48 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-03-18 23:29:56 -------- d-----w- c:\program files\Skype
    2012-03-18 22:55:21 -------- d-----w- c:\documents and settings\cheryllo\local settings\application data\Facebook
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 12:46:11.40 ===============
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-25 12:54:38
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541080G9SA00 rev.MB4OC60R
    Running: nbvturz7.exe; Driver: C:\DOCUME~1\cheryllo\LOCALS~1\Temp\pxtyqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAA1C128E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAA1C10F9]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA25ED92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/8/2006 1:23:52 PM
    System Uptime: 3/25/2012 12:11:41 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0KD882
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | Microprocessor | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 69 GiB total, 35.412 GiB free.
    D: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 440x 10/100 Integrated Controller
    Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
    Manufacturer: Broadcom
    Name: Broadcom 440x 10/100 Integrated Controller
    PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
    Service: bcm4sbxp
    .
    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMTSSTCORP_DVD+-RW_TS-L632D_______________DE03____\5&2C81F6DE&0&0.0.0
    Manufacturer: (Standard CD-ROM drives)
    Name: TSSTcorp DVD+-RW TS-L632D
    PNP Device ID: IDE\CDROMTSSTCORP_DVD+-RW_TS-L632D_______________DE03____\5&2C81F6DE&0&0.0.0
    Service: cdrom
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: TAP-Win32 Adapter V8
    Device ID: ROOT\NET\0000
    Manufacturer: TAP-Win32 Provider
    Name: TAP-Win32 Adapter V8
    PNP Device ID: ROOT\NET\0000
    Service: tap0801
    .
    ==== System Restore Points ===================
    .
    RP793: 12/26/2011 1:16:58 AM - System Checkpoint
    RP794: 12/27/2011 8:08:04 AM - System Checkpoint
    RP795: 12/27/2011 12:22:20 PM - Software Distribution Service 3.0
    RP796: 1/23/2012 9:13:28 AM - System Checkpoint
    RP797: 2/2/2012 4:56:14 PM - System Checkpoint
    RP798: 2/4/2012 7:45:42 PM - System Checkpoint
    RP799: 2/8/2012 6:24:52 PM - System Checkpoint
    RP800: 2/9/2012 11:29:24 PM - System Checkpoint
    RP801: 2/12/2012 4:40:00 PM - System Checkpoint
    RP802: 2/15/2012 10:39:25 PM - System Checkpoint
    RP803: 2/18/2012 7:31:38 PM - System Checkpoint
    RP804: 2/20/2012 6:16:23 PM - System Checkpoint
    RP805: 2/23/2012 5:44:45 PM - System Checkpoint
    RP806: 2/25/2012 5:47:47 PM - System Checkpoint
    RP807: 3/2/2012 8:00:53 PM - System Checkpoint
    RP808: 3/4/2012 12:03:55 PM - System Checkpoint
    RP809: 3/5/2012 5:23:53 PM - System Checkpoint
    RP810: 3/6/2012 5:37:02 PM - System Checkpoint
    RP811: 3/10/2012 2:13:10 PM - System Checkpoint
    RP812: 3/12/2012 5:19:30 PM - System Checkpoint
    RP813: 3/14/2012 9:58:20 AM - System Checkpoint
    RP814: 3/16/2012 9:01:13 PM - System Checkpoint
    RP815: 3/18/2012 8:46:06 AM - System Checkpoint
    RP816: 3/19/2012 3:43:20 PM - System Checkpoint
    RP817: 3/23/2012 7:06:08 PM - Restore Operation
    RP818: 3/23/2012 7:11:33 PM - Restore Operation
    RP819: 3/23/2012 7:17:46 PM - Restore Operation
    RP820: 3/23/2012 8:05:47 PM - avast! Free Antivirus Setup
    RP821: 3/24/2012 7:44:15 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.0
    Adobe Reader for Pocket PC 2.0
    AIO_Scan
    All Mobile Mines - Pocket PC Edition 4.0.1
    AOLIcon
    Auslogics Disk Defrag
    avast! Free Antivirus
    Avery® Wizard 2.1 for Microsoft® Office Word 2003
    Barracuda Message Archiver Outlook Add-In 2.1.12
    Broadcom Management Programs
    BufferChm
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Critical Update for Windows Media Player 11 (KB959772)
    CrossLoop 2.51
    CutePDF Writer 2.4
    Dell Media Experience
    Dell Support Center (Support Software)
    Dell System Restore
    Dell Wireless WLAN Card
    DellSupport
    Digital Line Detect
    DSTfix
    Engineering Power Tools - v1.9.8
    eV41 0.93
    Facebook Video Calling 1.2.0.159
    Family Tree Legends
    Fax
    FileOpen Client
    FolderMatch v3.5.6
    FX Configurator-EN
    Garmin Communicator Plugin
    Garmin USB Drivers
    Garmin WebUpdater
    Google Desktop
    Google Earth
    Google SketchUp 6
    Google Toolbar for Internet Explorer
    Google Update Helper
    GX Developer-FX
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB969084)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP LaserJet 3050/3052/3055/3390/3392 2.0
    HP Photosmart All-In-One Software 9.0
    HP Product Detection
    HP48g,49g,50g series Calculator Connectivity Kit
    hppFaxUtility
    hppIOFiles
    hppManuals3390
    hppscan3390
    hppScanTo
    hppTooCool
    Icon Restore 1.0
    Intel(R) Graphics Media Accelerator Driver
    Intel(r) System Information Viewer
    interneTIFF 8.0-FREE (IE Browser)
    iPAQ WebReg
    Java Auto Updater
    Java(TM) 6 Update 17
    Java(TM) 6 Update 5
    Learn2 Player (Uninstall Only)
    LiveUpdate 2.6 (Symantec Corporation)
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 4.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Outlook Personal Folders Backup
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Modem Helper
    Mozilla Firefox 11.0 (x86 en-US)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    NetWaiting
    OmniForm 5.0
    Online Bible 9.20
    OpenVPN 2.0.9-gui-1.0.3
    Orionic
    Periodic Table for Pocket PC
    Power BibleCD 5.4
    PowerDVD 5.7
    PS_AIO_02_Software
    PS_AIO_02_Software_min
    QFolder
    QuickSet
    QuickTime
    RealPlayer Basic
    RemoteControl II
    Scan
    Search Assist
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2483614)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Skype Click to Call
    Skype™ 5.8
    SmileyCentral
    SolidWorks eDrawings 2009
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spelling Dictionaries Support For Adobe Reader 9
    Synaptics Pointing Device Driver
    Toolbox
    Unit Converter Pro 3.1
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows Internet Explorer 8 (KB982664)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    User Profile Helper Cleanup Service
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WeatherBug
    WebEx
    WebFldrs XP
    WebReg
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/24/2012 9:25:25 AM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
    3/24/2012 9:25:25 AM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
    3/24/2012 9:25:24 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    3/24/2012 9:22:47 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    3/24/2012 9:14:14 AM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/23/2012 9:54:02 PM, error: Service Control Manager [7023] - The USB3 Service service terminated with the following error: The specified module could not be found.
    3/23/2012 9:54:02 PM, error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified procedure could not be found.
    3/23/2012 9:54:02 PM, error: Service Control Manager [7023] - The Npkcmsvc service terminated with the following error: The specified module could not be found.
    3/23/2012 9:54:02 PM, error: Service Control Manager [7000] - The Skype Updater service failed to start due to the following error: The system cannot find the path specified.
    3/20/2012 7:15:43 AM, error: Dhcp [1002] - The IP address lease 192.168.2.7 for the Network Card with network address 0016CF2148DF has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    3/19/2012 7:10:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NetworkLog service to connect.
    3/19/2012 7:10:06 PM, error: NETLOGON [5719] - No Domain Controller is available for domain FBINC due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    3/19/2012 7:06:15 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    3/18/2012 8:17:35 PM, error: Service Control Manager [7016] - The OmniForm Printer service has reported an invalid current state 0.
    .
    ==== End Of File ===========================
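An added example, not part of the original thread or of any tool mentioned in it: a small parser for the "Event Viewer Messages" lines of a DDS log that groups Service Control Manager event 7003 entries by the dependency they report as nonexistent. The sample lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the "Event Viewer Messages" section of the log in this thread.
SAMPLE_LOG = """\
3/24/2012 9:25:25 AM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
3/24/2012 9:25:25 AM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
3/24/2012 9:14:14 AM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/23/2012 9:54:02 PM, error: Service Control Manager [7000] - The Skype Updater service failed to start due to the following error: The system cannot find the path specified.
3/20/2012 7:15:43 AM, error: Dhcp [1002] - The IP address lease 192.168.2.7 for the Network Card with network address 0016CF2148DF has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
"""

# "<date> <time> AM|PM, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Message text of Service Control Manager event 7003 as it appears in the log.
MISSING_DEP_RE = re.compile(
    r"^The (?P<service>.+) service depends on the following "
    r"nonexistent service: (?P<dep>\S+)"
)


def parse_events(text):
    """Return one dict per well-formed event line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # separators such as "." or section headers
        ev = m.groupdict()
        ev["when"] = datetime.strptime(ev["when"], "%m/%d/%Y %I:%M:%S %p")
        ev["event_id"] = int(ev["event_id"])
        events.append(ev)
    return events


def missing_dependencies(events):
    """Map each nonexistent dependency to the sorted services that need it."""
    broken = defaultdict(set)
    for ev in events:
        if ev["source"] != "Service Control Manager" or ev["event_id"] != 7003:
            continue
        m = MISSING_DEP_RE.match(ev["message"])
        if m:
            broken[m["dep"]].add(m["service"])
    return {dep: sorted(services) for dep, services in broken.items()}


if __name__ == "__main__":
    for dep, services in missing_dependencies(parse_events(SAMPLE_LOG)).items():
        print(f"missing service {dep!r} blocks: {', '.join(services)}")
```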
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    The following step should restore the connection.

    Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

    ***************************************************

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    --------------------------------------------------------------------

    With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

    Note: If you have SP3, use the SP2 package.


    ---------------------------------------------------------------------

    Transfer all files you just downloaded, to the desktop of the infected computer.

    --------------------------------------------------------------------


    Disable your anti-virus and anti-spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.



    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt in your next reply.
     
  11. Squish1971

    Squish1971 Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    17
    I apologize for all the posts! I read the Everyone MUST do this before POSTING thing, but my brain totally skipped the "only do it if specifically asked to" part. I'm so sorry! I will download and transfer your recommendations tomorrow and let you know how it goes.

    I can't thank you enough for all your help!
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    That's fine. :)
     
  13. Squish1971

    Squish1971 Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    17
    I ran it but I got a message saying it detected Rootkit activity and had to reboot.

    Incidentally, I did not get the Recovery Console box at all.

    Upon reboot, I logged in and aside from the desktop photo, the only thing that came up was the ComboFix box and it started running again.

    According to Combo Fix:
    System file is infected !! attempting to restore
    C:\WINDOWS\system32\lpk.dll
    Replacement not found

    It's been a couple hours and AutoScan is still running. It is on "Completed Stage_4", but I'm just going to leave it run because it's bedtime. More in the morning I hope!
     
  14. Squish1971

    Squish1971 Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    17
    This morning I awoke to the blue screen.

    Tech info:
    *** STOP: 0x00000024 (0x001902FE,0x001902FE,0xA9873348,0xA9873044,0xAA0FB5A0)
    *** aswsnx.sys - Address AA0FB5A0 base at AA0DB000, Datestamp 4f56a5e5

    Beginning dump of physical memory
    dump complete
    contact admin.

    *this looks bad

    I tried rebooting to see what happens.
    After a quick blue windows screen scan it booted up to the normal desktop. The Combofix screen popped up and disappeared a few times.
    I disabled Avast.
    Windows popped up a message that stated the system recovered from a serious error. I'll try to attach the message.

    I'm not sure if I should try to run Combofix again. I'll wait for your feedback at this point.

    Cheryll
     


  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,460
    Why did you not install the recovery console?

    Did ComboFix produce a log?
     

Short URL to this thread: https://techguy.org/1046497
