TechSpot

[A] Have system check virus and all programs and files gone

By truthandlife
Feb 5, 2012
  1. I have the system check virus and all of my programs and files are hidden or gone. I can get into safe mode but cannot get into regular mode. What do I need to share with you to see if I can get rid of this? Thank you.
     
  2. truthandlife

    truthandlife TS Rookie Topic Starter

    Tried to download MalwareBytes but says, "access denied."
     
  3. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
    Use another working computer and a USB flash drive to transfer the necessary tools to the bad computer.
    Safe mode will be fine for now.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. truthandlife

    truthandlife TS Rookie Topic Starter

    Malwarebytes Anti-Malware log - Do the steps and says "no access"

    GMER log - Nothing recorded

    DDS logs: both DDS.txt (below)

    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
    Run by c00nej at 21:54:35 on 2012-02-05
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.803 [GMT -6:00]
    .
    AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    FW: McAfee Host Intrusion Prevention Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\c00nej\Local Settings\Temporary Internet Files\Content.IE5\U2P9EEHH\rkill[1].exe
    C:\DOCUME~1\c00nej\LOCALS~1\Temp\RarSFX6\nird\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://iConnect.thermofisher.net/
    uDefault_Page_URL = hxxp://iConnect.thermofisher.net/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111229073943.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MeetingLauncher] "c:\program files\meeting center\modules\launcher\mcLauncher.exe"
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [AClntUsr] c:\altiris\aclient\AClntUsr.EXE
    mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
    mRun: [Tpam.exe] "c:\program files\ibm\personal communications\tpam.exe"
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
    mRun: [CAF_SystemTray] "c:\program files\ca\dsm\bin\cfSysTray.exe"
    mRun: [DsmSxplog] "c:\program files\ca\dsm\bin\sxpstub.exe"
    mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [hxmihOGCcujDAx.exe] c:\documents and settings\all users\application data\hxmihOGCcujDAx.exe
    StartupFolder: c:\docume~1\c00nej\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
    mPolicies-system: MaxGPOScriptWait = 1800 (0x708)
    IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: hp.com\ppm-thermofisher.saas
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325720141061
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ras-amer.thermofisher.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{AF385598-3D61-43AC-B9D2-097B477AC2D7} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{FF1DC956-5C58-4137-A144-2C9E2C9DCDBD} : DhcpNameServer = 10.0.1.15 10.0.20.46
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    Notify: atmgrtok - atmgrtok.dll
    Notify: pcsinst - pcsinst.dll
    Notify: rcHostExt - c:\program files\ca\dsm\bin\rcLoginExt.dll
    AppInit_DLLs: AMINIT.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\c00nej\application data\mozilla\firefox\profiles\2ytw07r4.default\
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\meeting center\modules\firefox\plugins\npMCInstall.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-12-29 461864]
    R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2011-11-3 17968]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-12-29 89624]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-12-29 160344]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-29 148520]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2011-12-29 240344]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-12-29 338040]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-28 83720]
    S1 CCDevice;CCDevice;c:\windows\system32\drivers\CCDevice.sys [2005-3-23 9216]
    S2 CA-MessageQueuing;CA Message Queuing Server;c:\program files\ca\shared components\cam\bin\cam.exe [2011-12-29 181512]
    S2 CA-SAM-Pmux;CA Connection Broker;c:\program files\ca\sc\csam\sockadapter\bin\CSAMPmux.exe [2009-1-23 159744]
    S2 caf;CA DSM r12 Common Application Framework;c:\program files\ca\dsm\bin\CAF.exe [2009-10-3 195848]
    S2 CASPLiteAgent;CA Systems Performance LiteAgent;c:\program files\ca\sc\systems performance liteagent\bin\casplitegent.exe [2009-2-12 135168]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2011-9-12 488824]
    S2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-6-24 136704]
    S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-1-4 99896]
    S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2011-10-24 165440]
    S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
    S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-12-29 166024]
    S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
    S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-12-29 113664]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-12-29 33832]
    S3 FireNfcp;McAfee Inc. FireNfcp;c:\windows\system32\drivers\FireNfcp.sys [2011-12-29 39336]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2011-12-29 145616]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-12-29 180072]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-12-29 59288]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-28 83720]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-29 87808]
    S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2012-1-4 17408]
    S3 rcSmCard;rcSmCard;c:\windows\system32\drivers\rcSmCard.sys [2009-10-3 26128]
    S3 rcVidCap;rcVidCap;c:\windows\system32\drivers\rcVidMpt.sys [2009-10-3 9872]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2011-11-3 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-02-05 04:46:17 610070 ---ha-w- c:\windows\system32\PerfStringBackup.TMP
    2012-02-05 04:44:29 349184 ---ha-w- c:\documents and settings\all users\application data\yBsRpV4UqaHMCP.exe
    2012-02-05 01:11:10 -------- d--h--w- c:\documents and settings\all users\application data\PC Tools
    2012-02-04 23:55:08 -------- d--h--w- c:\program files\ESET
    2012-02-04 23:38:31 -------- d--h--w- C:\_OTL
    2012-02-04 20:11:25 441344 ---ha-w- c:\documents and settings\all users\application data\hxmihOGCcujDAx.exe
    2012-01-27 21:41:44 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-01-27 21:41:44 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-01-27 21:41:44 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-01-27 21:41:44 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-01-27 21:41:44 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-01-27 21:41:43 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-01-27 21:41:43 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2012-01-27 21:40:01 -------- d--h--w- c:\documents and settings\c00nej\local settings\application data\Apple
    2012-01-27 21:39:37 -------- d--h--w- c:\documents and settings\c00nej\local settings\application data\Apple Computer
    2012-01-24 10:22:10 -------- d--h--w- c:\program files\MSXML 4.0
    2012-01-24 02:08:42 -------- d--h--w- c:\documents and settings\c00nej\application data\Windows Search
    2012-01-16 03:24:07 -------- d--h--w- c:\program files\CCleaner
    2012-01-13 22:17:51 -------- d--h--w- c:\documents and settings\c00nej\application data\Xerox
    2012-01-13 16:12:16 -------- d--h--w- c:\documents and settings\c00nej\local settings\application data\Evernote
    2012-01-12 21:26:07 185920 ---ha-w- c:\program files\mozilla firefox\distribution\bundles\{b7082faa-cb62-4872-9106-e42dd88ede45}\components\McFFPlg.dll
    2012-01-12 00:19:16 4448256 ---ha-w- c:\windows\system32\GPhotos.scr
    2012-01-10 04:53:59 319488 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp02t.dll
    2012-01-10 04:53:58 125440 ---ha-w- c:\windows\system32\hpf3l02t.dll
    2012-01-10 04:53:43 15104 -c-ha-w- c:\windows\system32\dllcache\usbscan.sys
    2012-01-10 04:53:43 15104 ---ha-w- c:\windows\system32\drivers\usbscan.sys
    2012-01-10 04:53:15 -------- d--h--w- c:\program files\Microsoft
    2012-01-10 04:52:37 -------- d--h--w- c:\program files\Bing Bar Installer
    2012-01-10 04:52:09 -------- d--h--w- c:\program files\common files\HP
    2012-01-10 04:52:09 -------- d--h--w- c:\program files\common files\Hewlett-Packard
    2012-01-10 04:51:34 454504 ---ha-w- c:\windows\system32\hpzids01.dll
    2012-01-10 04:51:32 21568 ---ha-w- c:\windows\system32\drivers\HPZius12.sys
    2012-01-10 04:51:31 49920 ---ha-w- c:\windows\system32\drivers\HPZid412.sys
    2012-01-10 04:51:31 16496 ---ha-w- c:\windows\system32\drivers\HPZipr12.sys
    2012-01-10 04:51:30 970752 ---ha-w- c:\windows\system32\hpwtiop4.dll
    2012-01-10 04:51:30 718336 ---ha-w- c:\windows\system32\hpwwiax5.dll
    2012-01-10 04:51:30 372736 ---ha-w- c:\windows\system32\hppldcoi.dll
    2012-01-10 04:51:30 294912 ---ha-w- c:\windows\system32\hpovst11.dll
    2012-01-08 19:16:57 -------- d--h--w- c:\documents and settings\c00nej\local settings\application data\Google
    2012-01-07 20:40:45 -------- d--h--w- c:\documents and settings\c00nej\application data\Malwarebytes
    2012-01-07 20:40:33 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes
    2012-01-07 20:40:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-07 20:40:32 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-07 20:31:55 -------- d--h--w- C:\Quarantine
    .
    ==================== Find3M ====================
    .
    2012-02-04 17:58:11 2401 ---ha-w- c:\windows\system32\drivers\AlKernel.sys
    2012-01-03 21:12:32 13844000 ---ha-w- c:\program files\common files\lpuninstall.exe
    2012-01-03 21:05:53 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-29 13:38:39 89624 ---ha-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-12-29 13:38:39 87808 ---ha-w- c:\windows\system32\drivers\mferkdet.sys
    2011-12-29 13:38:39 148520 ---ha-w- c:\windows\system32\mfevtps.exe
    2011-12-29 13:38:38 9344 ---ha-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-12-29 13:38:38 74848 ---ha-w- c:\windows\system32\MfeOtlkAddin.dll
    2011-12-29 13:38:38 59288 ---ha-w- c:\windows\system32\drivers\mfebopk.sys
    2011-12-29 13:38:38 461864 ---ha-w- c:\windows\system32\drivers\mfehidk.sys
    2011-12-29 13:38:38 22816 ---ha-w- c:\windows\system32\MFEOtlk.dll
    2011-12-29 13:38:38 180072 ---ha-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-12-29 13:38:38 119968 ---ha-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-12-29 13:24:21 21419 ---ha-w- c:\windows\system32\drivers\iPassP.sys
    2011-11-25 21:57:19 293376 ---ha-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ---ha-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35:08 60416 ---ha-w- c:\windows\system32\packager.exe
    2011-11-16 14:21:44 354816 ---ha-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21:44 152064 ---ha-w- c:\windows\system32\schannel.dll
    2011-11-11 02:07:59 99896 ---ha-w- c:\windows\system32\HPSIsvc.exe
    .
    ============= FINISH: 22:01:01.21 ===============
     
  5. truthandlife

    truthandlife TS Rookie Topic Starter

    Attach.txt (below)


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/29/2011 7:05:51 AM
    System Uptime: 2/4/2012 10:53:01 PM (24 hours ago)
    .
    Motherboard: Dell Inc. | | 0RX495
    Processor: Intel Pentium III Xeon processor | Microprocessor | 2393/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 21.012 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP Color LaserJet 3600
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet 3600
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP Color LaserJet 4700
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet 4700
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp color LaserJet 4650
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: Hewlett-Packard
    Name: hp color LaserJet 4650
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP LaserJet P4014
    Device ID: ROOT\MULTIFUNCTION\0003
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet P4014
    PNP Device ID: ROOT\MULTIFUNCTION\0003
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP Color LaserJet 4700
    Device ID: ROOT\MULTIFUNCTION\0004
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet 4700
    PNP Device ID: ROOT\MULTIFUNCTION\0004
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP Color LaserJet 2840
    Device ID: ROOT\MULTIFUNCTION\0005
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet 2840
    PNP Device ID: ROOT\MULTIFUNCTION\0005
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP Color LaserJet 4700
    Device ID: ROOT\MULTIFUNCTION\0006
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet 4700
    PNP Device ID: ROOT\MULTIFUNCTION\0006
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP LaserJet 4100 Series
    Device ID: ROOT\MULTIFUNCTION\0007
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 4100 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0007
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 4250
    Device ID: ROOT\MULTIFUNCTION\0008
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4250
    PNP Device ID: ROOT\MULTIFUNCTION\0008
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    6500_E709_BasicWeb
    6500_E709_Help_BasicWeb
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0
    Adobe Shockwave Player
    Altiris Application Metering Agent
    Altiris Carbon Copy Solution Agent
    Altiris Carbon Copy Solution Agent 6.1
    Altiris PC Transplant Capture Agent
    Altiris Software Delivery Solution Agent
    Altiris Task Synchronization Agent
    Apple Application Support
    Apple Software Update
    bpd_scan
    BPDSoftware_Ini
    BufferChm
    CA Asset Management Performance LiteAgent
    CA DSM Agent + Asset Management plugin
    CA DSM Agent + Remote Control plugin
    CA DSM Agent + Software Delivery plugin
    CA Secure Socket Adapter
    CA Systems Performance LiteAgent
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    Dell Touchpad
    DW WLAN Card Utility
    ESET Online Scanner v3
    Evernote v. 4.5.2
    Gadwin PrintScreen
    Genesys Meeting Center
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP LaserJet Professional P1100-P1560-P1600 Series
    HP Officejet 6500 E709 Series
    hppLaserJetService
    hppP1100P1560P1600SeriesLaserJetService
    hppusgP1100P1560P1600Series
    HPSSupply
    IBM Personal Communications
    iPassConnect
    J2SE Runtime Environment 5.0 Update 20
    Java Auto Updater
    Java(TM) 6 Update 20
    Juniper Networks Host Checker
    Juniper Networks Network Connect 6.5.0
    Juniper Networks Setup Client
    Malwarebytes Anti-Malware version 1.60.0.1800
    MarketResearch
    McAfee Agent
    McAfee Host Intrusion Prevention
    McAfee SiteAdvisor Enterprise
    McAfee VirusScan Enterprise
    MetaFrame Presentation Server Client
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel 2007 Get Started Tab
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint 2007 Get Started Tab
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio Viewer 2007
    Microsoft Office Word 2007 Get Started Tab
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox 10.0 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    Network
    NVIDIA Drivers
    Picasa 3
    PowerDVD
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2618444)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2124261)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2290570)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975254)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976323)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Toolbox
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    WebReg
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live ID Sign-in Assistant
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/4/2012 9:16:48 AM, error: Dhcp [1002] - The IP address lease 10.73.192.233 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
    2/4/2012 5:38:33 PM, error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 1 time(s).
    2/4/2012 5:11:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/4/2012 4:26:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CCDevice Fips intelppm
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC X.25 service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC V25bis signalling service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC SDLC service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC SDLC Leased service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC QLLC service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC Mapper service depends on the PDLC X.25 service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC LAPB service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC Hayes At signalling service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC DLC Classes service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC Connection Manager service depends on the PDLC Message Driver service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC Buffer Manager service depends on the PDLC Message Driver service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC Adapter Factory service depends on the PDLC Message Driver service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The IBM Enterprise Extender (HPR/IP) service depends on the PDLC OEM Interface service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The AppnApi service depends on the PDLC Mapper service which failed to start because of the following error: The dependency service or group failed to start.
    2/4/2012 4:25:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/3/2012 5:26:35 AM, error: Dhcp [1002] - The IP address lease 10.73.168.11 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
    2/2/2012 7:52:54 AM, error: Dhcp [1002] - The IP address lease 10.73.198.77 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
    2/2/2012 6:56:33 AM, error: Dhcp [1002] - The IP address lease 10.73.166.7 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
    2/2/2012 6:45:03 AM, error: Dhcp [1002] - The IP address lease 192.168.0.49 for the Network Card with network address 00242B3725CD has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    2/2/2012 12:54:34 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HOU-C00AFL that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF385598-3D61-43A. The master browser is stopping or an election is being forced.
    2/1/2012 8:18:20 PM, error: Dhcp [1002] - The IP address lease 10.73.194.112 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
    2/1/2012 7:52:12 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SharedAccess service.
    2/1/2012 7:51:42 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
    2/1/2012 7:23:37 PM, error: Service Control Manager [7034] - The iPassPeriodicUpdateApp service terminated unexpectedly. It has done this 1 time(s).
    2/1/2012 5:19:46 AM, error: Dhcp [1002] - The IP address lease 10.73.196.254 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
    2/1/2012 3:29:43 PM, error: NETLOGON [5719] - No Domain Controller is available for domain AMER due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    1/31/2012 8:23:42 AM, error: Dhcp [1002] - The IP address lease 192.168.1.76 for the Network Card with network address 00242B3725CD has been denied by the DHCP server 10.0.20.14 (The DHCP Server sent a DHCPNACK message).
    1/31/2012 7:02:06 AM, error: Dhcp [1002] - The IP address lease 10.73.160.80 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
    1/31/2012 10:14:59 PM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed.
    1/31/2012 10:14:56 PM, error: Dhcp [1002] - The IP address lease 10.10.23.86 for the Network Card with network address 00242B3725CD has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    1/30/2012 7:59:01 AM, error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s).
    1/29/2012 4:36:36 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    1/29/2012 11:40:47 AM, error: Dhcp [1002] - The IP address lease 10.73.163.10 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  7. truthandlife

    truthandlife TS Rookie Topic Starter

    Avast was downloaded but will not open

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

    Size   Device Name         MBR Status
    --------------------------------------------
    74 GB  \\.\PhysicalDrive0  Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  9. truthandlife

    truthandlife TS Rookie Topic Starter

    Here is the 32. The 64 wouldn't open.

    ListParts by Farbar
    Ran by c00nej on 06-02-2012 at 19:50:23
    Windows XP (X86)
    Running From: C:\Documents and Settings\c00nej\Desktop
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 33%
    Total physical RAM: 2035.83 MB
    Available physical RAM: 1356.38 MB
    Total Pagefile: 4956.64 MB
    Available Pagefile: 4466.27 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2003.95 MB

    ======================= Partitions =========================

    1 Drive c: (OSDisk) (Fixed) (Total:74.53 GB) (Free:21.04 GB) NTFS ==>[Drive with boot components (Windows XP)]

    Disk ###  Status      Size     Free     Dyn  Gpt
    --------  ----------  -------  -------  ---  ---
    Disk 0    Online      75 GB    0 B

    Partitions of Disk 0:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary           75 GB    32 KB
    Partition 2    Unknown           2544 KB  75 GB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 1  C    OSDisk       NTFS   Partition   75 GB    Healthy    Boot

    Disk: 0
    Partition 2
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.


    ****** End Of Log ******
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    We have TDL rootkit there.

    Download GETxPUD.exe to the desktop of your clean computer

    • Double click on GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
    • Insert blank CD into your CD drive.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Boot bad computer from the CD
    • Press Tool at the top
    • Choose Open Terminal
    • Type parted /dev/sda set 1 boot on
    • Press Enter
    • Type parted /dev/sda rm 2
    • Press Enter
    • Remove xPUD CD, reboot, run aswMBR and post the log
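
Added example (not part of the thread and not any tool's own code): the partition-table pattern in the ListParts log above, a 2544 KB partition of type 17 that is hidden and active while the Windows partition has lost its boot flag, written as a check over a raw 512-byte MBR sector. The indicator set, the 64 MiB threshold, the function names and the sample sector are assumptions constructed for illustration; the sector should come from an offline boot, because Bootkit Remover reports the boot code as hidden by the rootkit inside Windows.

```python
import struct

SECTOR = 512
# Hidden variants of common FAT/NTFS types; 0x17 is the hidden form of 0x07.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
SMALL_SECTORS = 64 * 1024 * 1024 // SECTOR  # heuristic threshold: 64 MiB


def build_mbr(entries):
    """Build a test sector from up to four (status, type, start_lba, sectors) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector with a 55 AA signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype:
            parts.append({"index": i + 1, "active": status == 0x80,
                          "type": ptype, "start_lba": lba, "sectors": count})
    return parts


def flag_suspicious(parts):
    """Map partition index -> reasons, for entries showing two or more indicators."""
    findings = {}
    largest = max(parts, key=lambda p: p["sectors"], default=None)
    for p in parts:
        reasons = []
        if p["type"] in HIDDEN_TYPES:
            reasons.append("hidden type 0x%02X" % p["type"])
        if p["active"] and p["sectors"] < SMALL_SECTORS:
            reasons.append("boot flag on a %d KB partition" % (p["sectors"] * SECTOR // 1024))
        if p["active"] and p is not largest and not largest["active"]:
            reasons.append("largest partition is not active")
        if len(reasons) >= 2:
            findings[p["index"]] = reasons
    return findings


# Constructed sample mirroring the log: partition 1 is type 07, inactive, at
# offset 0x7e00 (LBA 63); partition 2 is type 17, active, 2544 KB (5088 sectors).
P1_SECTORS = 156_296_385  # constructed size, about 74.5 GB
SAMPLE = build_mbr([(0x00, 0x07, 63, P1_SECTORS), (0x80, 0x17, 63 + P1_SECTORS, 5088)])

if __name__ == "__main__":
    for index, reasons in flag_suspicious(parse_mbr(SAMPLE)).items():
        print("partition %d: %s" % (index, "; ".join(reasons)))
```

Requiring two indicators keeps a lone hidden OEM recovery partition from being flagged on its own.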
     
Topic Status:
Not open for further replies.
