
Error 1075 Can not Acquire Ip

Discussion in 'Virus & Other Malware Removal' started by adrianthomas, Nov 26, 2011.

  1. adrianthomas

    adrianthomas Thread Starter

    Joined:
    Apr 11, 2005
    Messages:
    81
    DHCP and TCP/IP cannot be started from Services without the following error.

    Error 1075: The dependency service does not exist or has been marked for deletion.

    I've checked the dependencies and all are running.

    AFD is the only driver common to both DHCP and TCP/IP, so I assumed it is either not running or is corrupt, yet when I try to start AFD from the CMD prompt I get "service is already running."

    I have since disabled my LAN connection via Network Connections as it just sits there trying to acquire an IP without ever timing out.

    I also performed a registry scan with Registry Booster in Safe Mode. It reported:

    1061 System Errors
    205 User Errors, and
    1 Third Party Error

    A cursory review of the log tells me the majority have to do with poorly uninstalled programs. I did NOT let Registry Booster fix anything.

    As per Forum Rules my HiJackThis log and others follow:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:57:39 PM, on 11/26/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Conversions Plus\FORMATM.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.0\PEhelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://www.rockwellinstitute.com/Agent/tv_enua.exe
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = pioneerpg.local
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SYSTEM32\Browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SYSTEM32\Browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: Google Update Service (gupdate1c9630bcbc9d704) (gupdate1c9630bcbc9d704) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MacFormatService - DataViz Inc. - C:\Program Files\Conversions Plus\FORMATM.EXE
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 9121 bytes


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
    Run by Adrian at 20:08:14 on 2011-11-26
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.495 [GMT -8:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Conversions Plus\FORMATM.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.0\PEhelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe
    uPolicies-system: DisableRegistryTools =
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38210.4846180556
    DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - hxxp://www.rockwellinstitute.com/Agent/tv_enua.exe
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
    TCP: Interfaces\{C1385FD7-B372-4A4E-809C-1888048891EC} : DhcpNameServer = 68.87.69.150 68.87.85.102
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R0 MacOpen;MacOpen;c:\windows\system32\drivers\MacOpen.sys [2006-3-14 180316]
    R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2009-5-26 19478]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
    R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2009-5-26 635012]
    R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2009-5-26 431236]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-12-22 366152]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-11-11 14976]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-22 22216]
    S2 gupdate1c9630bcbc9d704;Google Update Service (gupdate1c9630bcbc9d704);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2009-5-27 155264]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-6-29 27064]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
    S4 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-4-3 14032]
    .
    =============== Created Last 30 ================
    .
    2011-11-27 03:56:33 388096 ----a-r- c:\documents and settings\adrian\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-27 00:57:51 -------- dc-h--w- c:\documents and settings\all users\application data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    2011-11-27 00:57:51 -------- d-----w- c:\program files\Uniblue
    2011-11-25 20:55:28 -------- d-----w- C:\ERDNT
    2011-11-07 23:12:13 -------- d-----w- c:\documents and settings\adrian\local settings\application data\http___www.SynergeTechSol
    2011-11-07 23:09:52 -------- d-----w- c:\program files\SynergeTech Solutions
    2011-11-07 23:01:00 -------- d-----w- c:\windows\system32\XPSViewer
    2011-11-07 23:00:17 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-11-07 22:59:23 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-11-07 22:59:23 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-11-07 22:59:23 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-11-07 22:59:23 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-11-07 22:59:23 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-11-07 22:59:23 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-11-07 22:59:23 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-11-07 22:59:23 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-11-07 22:54:34 -------- d-----w- c:\program files\MSXML 6.0
    .
    ==================== Find3M ====================
    .
    2011-11-15 22:40:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-01 01:00:50 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 20:09:41.34 ===============


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-26 20:14:21
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST340014A rev.8.16
    Running: hnwqk40h.exe; Driver: C:\DOCUME~1\Adrian\LOCALS~1\Temp\uxryrpod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
     

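    Error 1075 (ERROR_SERVICE_DEPENDENCY_DELETED) is raised when a name listed in a service's DependOnService value does not resolve to an existing service, which is a different condition from a dependency that exists but is stopped. The following resolver is an added example, not part of this thread or of any tool mentioned in it: it walks a dependency table and reports the first name in each chain that has no entry. The table is constructed for the example (the names follow XP's service naming, but the missing `IPSec` key is invented to reproduce the 1075 condition), and the `load_from_registry` helper is hypothetical, reading the real DependOnService values only when run on Windows.

```python
"""Walk Windows service dependency chains and report names that do not
resolve, the condition behind Error 1075. Added example, not forum code."""
import sys

# Constructed sample of HKLM\SYSTEM\CurrentControlSet\Services\<name>\DependOnService
# values. Names follow XP's service naming, but the table is invented for this
# example; the absent "IPSec" key reproduces the Error 1075 condition.
SAMPLE_SERVICES = {
    "Dhcp": ["Tcpip", "Afd", "NetBT"],
    "Tcpip": ["IPSec"],
    "Afd": [],
    "NetBT": ["Tcpip"],
}


def load_from_registry(names):
    """Hypothetical helper: on Windows, read real DependOnService values
    (REG_MULTI_SZ) for every service reachable from `names`. Keys that do
    not exist are left out of the table, which is what the resolver reports."""
    import winreg  # only available on Windows
    table = {}
    pending = list(names)
    while pending:
        name = pending.pop()
        if name in table:
            continue
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                                 rf"SYSTEM\CurrentControlSet\Services\{name}")
        except OSError:
            continue  # no such service key: leave it out of the table
        try:
            deps, _ = winreg.QueryValueEx(key, "DependOnService")
        except OSError:
            deps = []  # service has no dependencies
        finally:
            key.Close()
        table[name] = [d for d in deps if d]
        pending.extend(table[name])
    return table


def find_missing_dependencies(table, root):
    """Return [(missing_name, chain)] for every dependency reachable from
    `root` with no entry in `table`; `chain` is the path of service names
    that led to it, so the report shows which link is broken."""
    missing = []
    seen = set()

    def walk(name, chain):
        if name in seen:
            return  # already visited (also guards against cycles)
        seen.add(name)
        if name not in table:
            missing.append((name, chain))
            return
        for dep in table[name]:
            walk(dep, chain + [name])

    walk(root, [])
    return missing


def explain(table, root):
    """Human-readable summary of the check for one service."""
    missing = find_missing_dependencies(table, root)
    if not missing:
        return f"{root}: every dependency in the chain resolves"
    lines = [f"{root}: {len(missing)} unresolved dependenc(y/ies)"]
    for name, chain in missing:
        lines.append("  " + " -> ".join(chain + [name]) + "  (no such service)")
    return "\n".join(lines)


if __name__ == "__main__":
    roots = ["Dhcp", "Tcpip", "Afd"]
    table = load_from_registry(roots) if sys.platform == "win32" else SAMPLE_SERVICES
    for root in roots:
        print(explain(table, root))
```

    On the constructed table the check reports `Dhcp -> Tcpip -> IPSec (no such service)`, which is the shape of a genuine 1075: every service the user can see in the Services console is running, but a name further down the chain has no registry key at all.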

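    A first pass over a HijackThis log is usually about orphaned and unidentified entries rather than anything exotic: services whose binary is gone, toolbars and ActiveX (DPF) entries with no file or URL, and Winsock LSP DLLs the tool could not identify. The parser and triage rules below are an added example written for this thread, not HijackThis's own logic or a verdict on this machine; the sample input is a handful of lines copied from the log above, and the reasons it prints are prompts to verify an entry, not findings of malware.

```python
"""Parse HijackThis-style log lines and flag entries that merit a second look.
Added example; the rules are this example's own, not HijackThis's."""
import re

# Constructed test input: a few lines copied from the HijackThis log in the
# thread, including clean entries that must not be flagged.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - http://www.rockwellinstitute.com/Agent/tv_enua.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9630bcbc9d704) (gupdate1c9630bcbc9d704) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[OR]\d+) - (?P<body>.*)$")


def parse_entries(text):
    """Return [(code, body)] for each line that is a HijackThis entry;
    banner, process-list and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body").rstrip()))
    return entries


def triage(text):
    """Apply review rules to each entry. Returns a list of findings, one per
    flagged entry, each with the (possibly several) reasons it was flagged."""
    findings = []
    for code, body in parse_entries(text):
        reasons = []
        # Registry entry that points at a file no longer on disk.
        if "(file missing)" in body or body.endswith("(no file)"):
            reasons.append("references a file that is not on disk (orphaned entry)")
        # ActiveX download entry whose source URL is empty.
        if code == "O16" and body.endswith("-"):
            reasons.append("ActiveX download entry with no source URL")
        # Layered Service Provider DLL the tool could not attribute.
        if code == "O10":
            reasons.append("Winsock LSP entry HijackThis could not identify; verify the DLL's publisher")
        # Service binary without readable version/publisher information.
        if "Unknown owner" in body:
            reasons.append("service binary has no readable publisher")
        if reasons:
            findings.append({"code": code, "entry": body, "reasons": reasons})
    return findings


def format_report(findings):
    """Plain-text report, one block per flagged entry."""
    out = []
    for f in findings:
        out.append(f"[{f['code']}] {f['entry']}")
        out.extend("    - " + r for r in f["reasons"])
    return "\n".join(out) if out else "no entries flagged"


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

    Run against the sample it flags four of the seven entries and leaves the Adobe BHO, the Bonjour service and the DPF entry that still has a URL alone. The Google Update line collects two reasons, which matches the `S2 ... [?]` marker for the same service in the DDS output above: an orphaned service entry is harmless but is exactly the kind of residue a cleanup should remove.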
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,808
    First Name:
    Karen
    Before we even try to fix this, I need to know why you are still running only SP2, which is no longer supported?

    Is this operating system genuine?
     
  3. adrianthomas

    adrianthomas Thread Starter

    Joined:
    Apr 11, 2005
    Messages:
    81
    This may sound very stupid to you, but it's been my experience that when I allow Windows to install all of its "recommended" updates my computer tends to run very slowly. So I've just ignored all the updates, and tried to protect myself with scanners and restricted access via MAC addresses I know. I'm not network savvy so this could be a terrible strategy.

    The OS is genuine although I have had to move it from an older computer to a newer one. I don't think that affects anything though. I still have the original disk.
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,808
    First Name:
    Karen
    It's really not a good strategy to not allow the updates.

    Let's check the validity of the system just to be sure:

    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.


    Also please do this:

    Please download WVCheck and save it to your desktop.

    • Double click WVCheck.exe to run it. (If you downloaded the zipped version you will need to extract it first.)
    • As indicated by the prompt, this program can take a while depending on your hard drive space.
    • Once the program is done, copy the contents of the notepad file as a reply.
     
  5. adrianthomas

    adrianthomas Thread Starter

    Joined:
    Apr 11, 2005
    Messages:
    81
    Cut and paste of the MGADiag report, followed by the same from WVCheck:


    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-T6DFB-Y934T-YD4YT
    Windows Product Key Hash: 3g4CZGFEDgbKmn/oB4pa2FZsssU=
    Windows Product ID: 55274-OEM-2211906-00102
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010100.2.0.pro
    ID: {908E6854-FD96-4997-8CBD-18FC8D4C12B1}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.3.265.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Edition 2003 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee7_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003]
    File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003]
    File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003]

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{908E6854-FD96-4997-8CBD-18FC8D4C12B1}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YD4YT</PKey><PID>55274-OEM-2211906-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-686950178-3744936264-2294874698</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Precision WorkStation 360 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="3"/><Date>20040517000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>DE01307701848063</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Computer Corporation</name><model>Dell WORKSTATION PWS360</model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>3574869865D5500</Val><Hash>DzsKIxY6jW/3QG/DM7ONd/4saRM=</Hash><Pid>73931-640-3121383-57770</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1B14B:Dell Inc|1B14B:Microsoft Corporation
    Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

    OEM Activation 2.0 Data-->
    N/A

    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 1341_28-11-2011
    -----------------------

    Windows Information
    -----------------------
    Windows Version: Windows XP Service Pack 2
    Windows Mode: Normal
    Systemroot Path: C:\WINDOWS

    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Do not download or install updates automatically.
    -----------------------
    Last Success Time for Update Detection: 2010-09-25 17:00:12
    Last Success Time for Update Download: 2007-12-20 17:13:18
    Last Success Time for Update Installation: 2007-12-20 18:01:03


    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------


    WVCheck's File Dump
    -----------------------
    WVCheck found no known bad files.


    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.


    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.


    WVCheck's MBAM Quarantine Check
    -----------------------
    There were no bad files quarantined by MBAM.


    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.


    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - b409909f6e2e8a7067076ed748abf1e7


    -------- End of File, program close at 1344_28-11-2011 --------
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,808
    First Name:
    Karen
    Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

    ***************************************************

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    --------------------------------------------------------------------

    With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

    Note: If you have SP3, use the SP2 package.


    ---------------------------------------------------------------------

    Transfer all files you just downloaded, to the desktop of the infected computer.

    --------------------------------------------------------------------


    Disable your anti-Virus and anti-spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.



    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt in your next reply.
     
  7. adrianthomas

    adrianthomas Thread Starter

    Joined:
    Apr 11, 2005
    Messages:
    81
    I could almost hear your coffee cup crashing to the floor from here when you read my second post. I really appreciate you sticking with me.

    Rootkit activity was detected and a reboot was needed. The scan completed, files and folders were deleted, and the machine rebooted again. On reboot ComboFix prepared the pasted log report. It took approximately 5 minutes to create the report.


    ComboFix 11-11-28.02 - Adrian 11/28/2011 15:37:15.6.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.578 [GMT -8:00]
    Running from: c:\documents and settings\Adrian\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Adrian\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xvbfjhq8.default\extensions\{94cc25db-85be-4118-8bd8-33445c882cee}
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xvbfjhq8.default\extensions\{94cc25db-85be-4118-8bd8-33445c882cee}\chrome.manifest
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xvbfjhq8.default\extensions\{94cc25db-85be-4118-8bd8-33445c882cee}\chrome\xulcache.jar
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xvbfjhq8.default\extensions\{94cc25db-85be-4118-8bd8-33445c882cee}\defaults\preferences\xulcache.js
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xvbfjhq8.default\extensions\{94cc25db-85be-4118-8bd8-33445c882cee}\install.rdf
    c:\documents and settings\Adrian\Application Data\inst.exe
    c:\documents and settings\Adrian\Application Data\Mozilla\Firefox\Profiles\8njisjrd.default\extensions\{94cc25db-85be-4118-8bd8-33445c882cee}
    c:\documents and settings\Adrian\Application Data\Mozilla\Firefox\Profiles\8njisjrd.default\extensions\{94cc25db-85be-4118-8bd8-33445c882cee}\chrome.manifest
    c:\documents and settings\Adrian\Application Data\Mozilla\Firefox\Profiles\8njisjrd.default\extensions\{94cc25db-85be-4118-8bd8-33445c882cee}\chrome\xulcache.jar
    c:\documents and settings\Adrian\Application Data\Mozilla\Firefox\Profiles\8njisjrd.default\extensions\{94cc25db-85be-4118-8bd8-33445c882cee}\defaults\preferences\xulcache.js
    c:\documents and settings\Adrian\Application Data\Mozilla\Firefox\Profiles\8njisjrd.default\extensions\{94cc25db-85be-4118-8bd8-33445c882cee}\install.rdf
    c:\documents and settings\Adrian\g2mdlhlpx.exe
    c:\documents and settings\Adrian\GoToAssistDownloadHelper.exe
    c:\documents and settings\Adrian\Local Settings\Application Data\guwb.exe
    c:\documents and settings\Adrian\Local Settings\Application Data\hfrb.exe
    c:\documents and settings\Adrian\Local Settings\Application Data\lchb.exe
    c:\documents and settings\Adrian\Local Settings\Application Data\tbvm.exe
    c:\documents and settings\Adrian\My Documents\DPE.DUS
    c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    C:\RECYCLER(2)
    c:\recycler(2)\S-1-5-21-686950178-3744936264-2294874698-1005(2)\INFO2
    c:\windows\$NtUninstallKB21633$
    c:\windows\$NtUninstallKB21633$\1773180547
    c:\windows\$NtUninstallKB21633$\1797472162\@
    c:\windows\$NtUninstallKB21633$\1797472162\bckfg.tmp
    c:\windows\$NtUninstallKB21633$\1797472162\cfg.ini
    c:\windows\$NtUninstallKB21633$\1797472162\Desktop.ini
    c:\windows\$NtUninstallKB21633$\1797472162\kwrd.dll
    c:\windows\$NtUninstallKB21633$\1797472162\L\fbnzapxf
    c:\windows\$NtUninstallKB21633$\1797472162\lsflt7.ver
    c:\windows\$NtUninstallKB21633$\1797472162\U\[email protected]
    c:\windows\$NtUninstallKB21633$\1797472162\U\[email protected]
    c:\windows\$NtUninstallKB21633$\1797472162\U\[email protected]
    c:\windows\$NtUninstallKB21633$\1797472162\U\[email protected]
    c:\windows\$NtUninstallKB21633$\1797472162\U\[email protected]
    c:\windows\$NtUninstallKB21633$\1797472162\U\[email protected]
    c:\windows\CSC\d6
    c:\windows\iun6002.exe
    c:\windows\patch.exe
    c:\windows\system32\CF14007.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-28 21:40 . 2011-11-28 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2011-11-27 03:56 . 2011-11-27 03:56 388096 ----a-r- c:\documents and settings\Adrian\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-27 00:57 . 2011-11-27 00:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
    2011-11-27 00:57 . 2011-11-27 00:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    2011-11-27 00:57 . 2011-11-27 00:57 -------- d-----w- c:\program files\Uniblue
    2011-11-27 00:57 . 2011-11-27 00:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PackageAware
    2011-11-25 20:55 . 2011-11-25 20:55 -------- d-----w- C:\ERDNT
    2011-11-07 23:12 . 2011-11-07 23:12 -------- d-----w- c:\documents and settings\Adrian\Local Settings\Application Data\http___www.SynergeTechSol
    2011-11-07 23:09 . 2011-11-07 23:09 -------- d-----w- c:\program files\SynergeTech Solutions
    2011-11-07 23:01 . 2011-11-07 23:01 -------- d-----w- c:\windows\system32\XPSViewer
    2011-11-07 23:00 . 2011-11-07 23:00 -------- d-----w- c:\program files\MSBuild
    2011-11-07 23:00 . 2011-11-07 23:00 -------- d-----w- c:\program files\Reference Assemblies
    2011-11-07 23:00 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-11-07 22:59 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-11-07 22:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-11-07 22:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-11-07 22:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-11-07 22:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-11-07 22:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-11-07 22:54 . 2011-11-07 22:54 -------- d-----w- c:\program files\MSXML 6.0
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-15 22:40 . 2011-05-17 03:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-01 01:00 . 2008-12-22 19:16 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-04-08 467240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-04 53760]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-9 147456]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Adrian^Start Menu^Programs^Startup^HotSync Manager.lnk]
    path=c:\documents and settings\Adrian\Start Menu\Programs\Startup\HotSync Manager.lnk
    backup=c:\windows\pss\HotSync Manager.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Adrian^Start Menu^Programs^Startup^palmOne Registration.lnk]
    path=c:\documents and settings\Adrian\Start Menu\Programs\Startup\palmOne Registration.lnk
    backup=c:\windows\pss\palmOne Registration.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Adrian^Start Menu^Programs^Startup^SpeedPlexer.lnk]
    path=c:\documents and settings\Adrian\Start Menu\Programs\Startup\SpeedPlexer.lnk
    backup=c:\windows\pss\SpeedPlexer.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Live Menu 3.3.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax Live Menu 3.3.lnk
    backup=c:\windows\pss\eFax Live Menu 3.3.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu 3.3.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu 3.3.lnk
    backup=c:\windows\pss\eFax Tray Menu 3.3.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
    backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MacName.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MacName.lnk
    backup=c:\windows\pss\MacName.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2008-09-26 19:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infuzer]
    2005-07-07 23:49 268867 -c--a-w- c:\program files\Infuzer\Infuzer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 09:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    2003-11-07 09:50 19968 -c----w- c:\windows\LOGI_MWX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacLicense]
    2002-07-02 23:03 163927 -c--a-w- c:\program files\Conversions Plus\MacLic.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
    2008-01-17 17:40 991232 ----a-w- c:\program files\IBM\Lotus Forms\Viewer\3.0\masqform.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 07:56 1667584 --sh--w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
    2009-04-07 23:34 642856 -c--a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2006-07-12 21:19 7626752 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2006-07-12 21:19 86016 ----a-w- c:\windows\SYSTEM32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-07-12 21:19 1519616 ----a-w- c:\windows\SYSTEM32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2003-11-01 02:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-01-05 15:56 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2007-10-22 23:29 185632 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2006-04-04 01:12 777424 -c--a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    2003-12-01 18:38 892928 -c--a-w- c:\program files\Logitech\iTouch\iTouch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/7/2010 3:48 AM 32592]
    R0 MacOpen;MacOpen;c:\windows\SYSTEM32\DRIVERS\MacOpen.sys [3/14/2006 1:46 PM 180316]
    R0 sonypvl2;sonypvl2;c:\windows\SYSTEM32\DRIVERS\sonypvl2.sys [5/26/2009 11:03 PM 19478]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/7/2010 3:48 AM 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [11/9/2010 10:20 PM 297168]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    R1 sonypvf2;sonypvf2;c:\windows\SYSTEM32\DRIVERS\sonypvf2.sys [5/26/2009 11:03 PM 635012]
    R1 sonypvt2;sonypvt2;c:\windows\SYSTEM32\DRIVERS\sonypvt2.sys [5/26/2009 11:03 PM 431236]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 4:33 AM 269520]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/22/2008 11:16 AM 366152]
    R2 SBKUPNT;SBKUPNT;c:\windows\SYSTEM32\DRIVERS\SBKUPNT.SYS [11/11/2010 6:02 PM 14976]
    R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [12/22/2008 11:16 AM 22216]
    S2 gupdate1c9630bcbc9d704;Google Update Service (gupdate1c9630bcbc9d704);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 12:33 AM 7390560]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
    S3 NUVision;Pinnacle DVC 80 Video;c:\windows\SYSTEM32\DRIVERS\nuvvid2.sys [5/27/2009 8:19 AM 155264]
    S3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [2/10/2008 6:26 PM 47360]
    S3 Revoflt;Revoflt;c:\windows\SYSTEM32\DRIVERS\revoflt.sys [6/29/2010 6:48 AM 27064]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
    S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 5:12 PM 14032]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2010-09-26 c:\windows\Tasks\Daily Backup.job
    - c:\windows\system32\ntbackup.exe [2004-10-22 07:56]
    .
    2010-09-08 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4275963707.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-10 00:56]
    .
    2010-09-26 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-04-04 01:12]
    .
    2011-11-27 c:\windows\Tasks\RegistryBooster.job
    - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-11-27 08:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
    DPF: {B8F2846E-CE36-11D0-AC83-00C04FD97575} - hxxp://www.rockwellinstitute.com/Agent/tv_enua.exe
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
    MSConfigStartUp-USBToolTip - c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    AddRemove-SpeedPlexer - c:\program files\SpeedPlexer\speedplexer_uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-28 15:50
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(576)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    - - - - - - - > 'explorer.exe'(2976)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG10\avgchsvx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Executive Software\DiskeeperLite\DKService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Conversions Plus\FORMATM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\AVG\AVG10\avgnsx.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\windows\System32\HPZipm12.exe
    c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    c:\progra~1\AVG\AVG10\avgrsx.exe
    c:\program files\AVG\AVG10\avgcsrvx.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-28 15:58:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-28 23:57
    ComboFix2.txt 2008-12-25 21:12
    ComboFix3.txt 2008-12-24 22:22
    ComboFix4.txt 2008-12-24 21:55
    ComboFix5.txt 2011-11-28 23:29
    .
    Pre-Run: 12,361,875,456 bytes free
    Post-Run: 12,390,764,544 bytes free
    .
    - - End Of File - - 3E8C20162E8E34BA5236169D82FE4A79
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,808
    First Name:
    Karen
    Are you able to connect to the Internet now?

    If not, please do the following:

    Please go to Start - Run - type in eventvwr.msc to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

    Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.
     
  9. adrianthomas

    adrianthomas Thread Starter

    Joined:
    Apr 11, 2005
    Messages:
    81
    No Application errors in the last 48 hours, but 13 System errors in the last 48 hours. These are all DCOM errors. There were 8 cdrom errors in the next 24-hour block, which I did not include.

    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10010
    Date: 11/28/2011
    Time: 9:40:45 AM
    User: ADRIANXP\Adrian
    Computer: ADRIANXP
    Description:
    The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10010
    Date: 11/28/2011
    Time: 9:40:15 AM
    User: ADRIANXP\Adrian
    Computer: ADRIANXP
    Description:
    The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10010
    Date: 11/28/2011
    Time: 9:38:45 AM
    User: ADRIANXP\Adrian
    Computer: ADRIANXP
    Description:
    The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10010
    Date: 11/28/2011
    Time: 12:46:15 AM
    User: ADRIANXP\Adrian
    Computer: ADRIANXP
    Description:
    The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10010
    Date: 11/28/2011
    Time: 12:33:05 AM
    User: ADRIANXP\Adrian
    Computer: ADRIANXP
    Description:
    The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10010
    Date: 11/28/2011
    Time: 12:32:04 AM
    User: ADRIANXP\Adrian
    Computer: ADRIANXP
    Description:
    The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10010
    Date: 11/28/2011
    Time: 12:29:27 AM
    User: ADRIANXP\Adrian
    Computer: ADRIANXP
    Description:
    The server {601AC3DC-786A-4EB0-BF40-EE3521E70BFB} did not register with DCOM within the required timeout.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10005
    Date: 11/26/2011
    Time: 7:34:43 PM
    User: NT AUTHORITY\SYSTEM
    Computer: ADRIANXP
    Description:
    DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10005
    Date: 11/26/2011
    Time: 7:34:00 PM
    User: ADRIANXP\Administrator
    Computer: ADRIANXP
    Description:
    DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10005
    Date: 11/26/2011
    Time: 7:33:44 PM
    User: ADRIANXP\Administrator
    Computer: ADRIANXP
    Description:
    DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10005
    Date: 11/26/2011
    Time: 5:18:51 PM
    User: ADRIANXP\Administrator
    Computer: ADRIANXP
    Description:
    DCOM got error "This service cannot be started in Safe Mode " attempting to start the service MSIServer with arguments "" in order to run the server:
    {000C101C-0000-0000-C000-000000000046}

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10005
    Date: 11/26/2011
    Time: 4:57:08 PM
    User: ADRIANXP\Administrator
    Computer: ADRIANXP
    Description:
    DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10005
    Date: 11/26/2011
    Time: 12:01:09 PM
    User: NT AUTHORITY\SYSTEM
    Computer: ADRIANXP
    Description:
    DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,808
    First Name:
    Karen
    Go to Start - Run and copy and paste the following:

    regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

    You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then zip it and upload the zipped file here as an attachment.
     
  11. adrianthomas

    adrianthomas Thread Starter

    Joined:
    Apr 11, 2005
    Messages:
    81
    Results of

    regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

    have been uploaded.
     

    Attached Files:
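The export Cookiegal asked for is a plain-text dump of the Services key, and Error 1075 is what the Service Control Manager returns when a service's DependOnService list names a service key that is not there. As an added example (not code from the thread or from any tool it mentions), this parses such an export, decodes the REG_MULTI_SZ value regedit writes as hex(7), and reports dependencies that do not resolve, following the chain transitively; the sample export is constructed, and its Dhcp dependency list (Tcpip, Afd, NetBT) is assumed to match the XP default.

```python
"""Check DependOnService chains in a 'regedit /e' export of the Services key;
Error 1075 means an entry names a service that has no key under Services."""
import re
SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
_SECTION = re.compile(r"^\[" + re.escape(SERVICES_KEY) + r"\\([^\\\]]+)\]$")
_DEPENDS = re.compile(r'^"DependOnService"=hex\(7\):(.*)$')  # REG_MULTI_SZ

# Constructed sample in regedit's export format. XP's Dhcp service is assumed to
# depend on Tcpip, Afd and NetBT; the NetBT key is deliberately absent here.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Afd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\
  00,00,4e,00,65,00,74,00,42,00,54,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters]
"""

def parse_reg_export(text):
    """Map each direct child key of Services to its decoded DependOnService list."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join hex(7) values wrapped with '\'
    services, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):  # deeper keys (...\Dhcp\Parameters) do not match
            m = _SECTION.match(line)
            current = m.group(1) if m else None
            if current:
                services.setdefault(current, [])
        elif current and (m := _DEPENDS.match(line)):
            raw = bytes(int(b, 16) for b in m.group(1).split(",") if b)
            services[current] = [d for d in raw.decode("utf-16-le").split("\0") if d]
    return services

def missing_dependencies(services, name, _seen=()):
    """(service, dependency) pairs, followed transitively, whose dependency has no Services key; '+' entries are load-order groups, not services."""
    known = {k.lower(): k for k in services}
    out, seen = [], set(_seen) | {name.lower()}
    for dep in services.get(name, []):
        if dep.startswith("+") or dep.lower() in seen:
            continue
        if dep.lower() in known:
            out += missing_dependencies(services, known[dep.lower()], seen)
        else:
            out.append((name, dep))
    return out
```

A real C:\look.txt is written by regedit as UTF-16LE with a BOM, so read it with open(path, encoding="utf-16") before passing its contents to parse_reg_export.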

  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,808
    First Name:
    Karen
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following code box into the main text field:
      Code:
      :filefind
      afd.sys
      netbt.sys
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt


    Then please do the following:

    Go to Start - Run - type in services.msc and click OK. Scroll down to each of the following services and double-click on the service to open it, then report back whether the status is "Stopped" or "Started" please.

    Computer Browser
    DHCP Client
    DNS Client
    IPSEC Services
    Network Connections
    Network Location Awareness (NLA)
    Server
    TCP/IP NetBIOS Helper services
    Workstation
     
  13. adrianthomas

    adrianthomas Thread Starter

    Joined:
    Apr 11, 2005
    Messages:
    81
    SystemLook 30.07.11 by jpshortstuff
    Log created at 08:02 on 29/11/2011 by Adrian
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "afd.sys"
    C:\I386\AFD.SYS --a--c- 131968 bytes [14:21 14/08/2004] [22:33 19/03/2004] 51B1872B62D1C335BAC53313913C8D5B
    C:\WINDOWS\$NtServicePackUninstall$\afd.sys -----c- 131968 bytes [15:19 08/04/2005] [22:33 19/03/2004] 51B1872B62D1C335BAC53313913C8D5B
    C:\WINDOWS\ServicePackFiles\i386\afd.sys -----c- 138496 bytes [06:14 04/08/2004] [06:14 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E
    C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys --a---- 138496 bytes [15:12 22/10/2004] [06:14 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E
    C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys --a--c- 138496 bytes [15:12 22/10/2004] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9

    Searching for "netbt.sys"
    C:\I386\NETBT.SYS --a--c- 149248 bytes [14:22 14/08/2004] [21:48 08/07/2003] C6ED759F45B762CD5C1F69023AB90F4C
    C:\WINDOWS\$NtServicePackUninstall$\netbt.sys -----c- 149248 bytes [15:18 08/04/2005] [21:48 08/07/2003] C6ED759F45B762CD5C1F69023AB90F4C
    C:\WINDOWS\$NtUninstallKB824105$\NETBT.SYS --a--c- 157056 bytes [22:40 19/03/2004] [22:40 19/03/2004] D96F3BC5A6E7452B0E3275B560DC8528
    C:\WINDOWS\ServicePackFiles\i386\netbt.sys -----c- 162816 bytes [06:14 04/08/2004] [06:14 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
    C:\WINDOWS\SYSTEM32\DLLCACHE\netbt.sys --a---- 162816 bytes [15:12 22/10/2004] [06:14 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
    C:\WINDOWS\SYSTEM32\DRIVERS\netbt.sys --a---- 162816 bytes [15:12 22/10/2004] [06:14 04/08/2004] 6E4379EEBD79A6FF83D6D0241EAAB496

    -= EOF =-


    Computer Browser - Started
    DHCP Client - Not Started
    DNS Client - Started
    IPSEC Services - Started
    Network Connections - Started
    Network Location Awareness (NLA) - Started
    Server - Started
    TCP/IP NetBIOS Helper services - Not Started
    Workstation - Started
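The filefind log above lists several copies of each driver, and for both afd.sys and netbt.sys the copy in SYSTEM32\DRIVERS hashes differently from the DLLCACHE copy (for afd.sys with a 2011 modification date against the 2004 cache copy). As an added check (not part of the thread, nor code from SystemLook), this parses that log format and flags any live driver whose MD5 matches none of its protected copies; the sample input is the excerpt posted above, and treating DLLCACHE and ServicePackFiles as the reference locations is an assumption.

```python
"""Flag drivers in a SystemLook 'filefind' log whose copy in SYSTEM32\\DRIVERS
differs from the protected copies in DLLCACHE / ServicePackFiles."""
import re
from collections import defaultdict

_SEARCH = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
_ENTRY = re.compile(r"^(?P<path>.+?) (?P<attr>[-a-z]{7}) (?P<size>\d+) bytes "
                    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$")
LIVE_DIR = "\\SYSTEM32\\DRIVERS\\"
REFERENCE_DIRS = ("\\SYSTEM32\\DLLCACHE\\", "\\SERVICEPACKFILES\\I386\\")

# Excerpt of the filefind section posted above; paths, sizes, dates and MD5s are as logged.
SAMPLE_LOG = r"""Searching for "afd.sys"
C:\I386\AFD.SYS --a--c- 131968 bytes [14:21 14/08/2004] [22:33 19/03/2004] 51B1872B62D1C335BAC53313913C8D5B
C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys --a---- 138496 bytes [15:12 22/10/2004] [06:14 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E
C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys --a--c- 138496 bytes [15:12 22/10/2004] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9

Searching for "netbt.sys"
C:\WINDOWS\SYSTEM32\DLLCACHE\netbt.sys --a---- 162816 bytes [15:12 22/10/2004] [06:14 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\SYSTEM32\DRIVERS\netbt.sys --a---- 162816 bytes [15:12 22/10/2004] [06:14 04/08/2004] 6E4379EEBD79A6FF83D6D0241EAAB496

-= EOF =-
"""

def parse_systemlook(text):
    """Group filefind hits by searched name: {name: [{path, size, modified, md5}, ...]}."""
    found, name = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if (m := _SEARCH.match(line)):
            name = m["name"].lower()
        elif name and (m := _ENTRY.match(line)):
            found[name].append({"path": m["path"], "size": int(m["size"]),
                                "modified": m["modified"], "md5": m["md5"].upper()})
    return dict(found)

def driver_mismatches(found):
    """Live drivers whose MD5 matches none of their DLLCACHE/ServicePackFiles copies.
    Such a file needs verifying against a known-good copy before anything else."""
    findings = []
    for name, entries in found.items():
        live = [e for e in entries if LIVE_DIR in e["path"].upper()]
        ref = {e["md5"] for e in entries
               if any(d in e["path"].upper() for d in REFERENCE_DIRS)}
        for e in live:
            if ref and e["md5"] not in ref:
                findings.append({"file": name, "live_md5": e["md5"], "size": e["size"],
                                 "modified": e["modified"], "reference_md5": sorted(ref)})
    return findings
```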
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,808
    First Name:
    Karen
    I'm attaching a NetBTAdrianThomas.zip file to this post. Save it and transfer it to the desktop of the infected computer via USB flash drive. Unzip it (extract the file) and double-click the NetBT AdrianThomas.reg file and allow it to merge into the registry.

    Then go back to Start - Run - Services.msc and try to start these two services in this order. If the first one won't start, then try starting the other one first and go back to the first one after.

    TCP/IP NetBIOS Helper services
    DHCP Client

    If you are successful in starting them, reboot the machine and try your Internet Connection. If it doesn't connect, check those two services again as you may have to restart one or both of them again and then try the connection.
     

    Attached Files:

  15. adrianthomas

    adrianthomas Thread Starter

    Joined:
    Apr 11, 2005
    Messages:
    81
    Executed exactly as described above. Tried to start TCP/IP first, got the same Error 1075. Then tried DHCP and got the same error.

    I then enabled the LAN Connection from Control Panel > Internet Connections, and tried again, first one then the other, and got the same Error 1975: The dependency service does not exist or has been marked for deletion.

    Still no joy. Thanks so much for helping me with this. Is there anything I can be adding to the dialogue so others could use it to help themselves, or is it too machine-specific?
     
Short URL to this thread: https://techguy.org/1028591
