
Not acquiring network address

Discussion in 'Virus and Malware Removal' started by CadDog, May 3, 2012.

  1. Broni Malware Annihilator Posts: 39,349   +175

    Still no connection?

    Re-run MiniToolbox with only this option checked:
    - List IP configuration
  2. CadDog Newcomer, in training Posts: 51


    Here is what I got:
    ==============
    MiniToolBox by Farbar Version: 18-01-2012
    Ran by (administrator) on 03-05-2012 at 20:05:26
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************
    ========================= IP Configuration: ================================

    1394 Net Adapter = 1394 Connection (Connected)
    Dell Wireless 1490 Dual Band WLAN Mini-Card = Wireless Network Connection (Connected)
    Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)
    Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp

    # Interface IP Configuration for "Bluetooth Network Connection"

    set address name="Bluetooth Network Connection" source=dhcp
    set dns name="Bluetooth Network Connection" source=dhcp register=PRIMARY
    set wins name="Bluetooth Network Connection" source=dhcp

    # Interface IP Configuration for "Wireless Network Connection"

    set address name="Wireless Network Connection" source=dhcp
    set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
    set wins name="Wireless Network Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : djsystem02

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Local Area Connection:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

    Physical Address. . . . . . . . . : 00-15-C5-1E-3F-9D



    Ethernet adapter Bluetooth Network Connection:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2

    Physical Address. . . . . . . . . : 00-16-41-73-E4-B1



    Ethernet adapter Wireless Network Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Dell Wireless 1490 Dual Band WLAN Mini-Card

    Physical Address. . . . . . . . . : 00-16-CE-6E-81-FA

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 0.0.0.0

    Subnet Mask . . . . . . . . . . . : 0.0.0.0

    IP Address. . . . . . . . . . . . : ?

    Default Gateway . . . . . . . . . :

    DHCP Server . . . . . . . . . . . : 192.168.1.1

    DNS Servers . . . . . . . . . . . : ?

    ?

    ?



    Tunnel adapter Teredo Tunneling Pseudo-Interface:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

    Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

    Dhcp Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : ?

    Default Gateway . . . . . . . . . :

    NetBIOS over Tcpip. . . . . . . . : Disabled

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host google.com. Please check the name and try again.

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host yahoo.com. Please check the name and try again.

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host bleepingcomputer.com. Please check the name and try again.



    Pinging 127.0.0.1 with 32 bytes of data:



    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x10003 ...00 15 c5 1e 3f 9d ...... Broadcom 440x 10/100 Integrated Controller
    0x10005 ...00 16 41 73 e4 b1 ...... Bluetooth Device (Personal Area Network) #2
    0x30004 ...00 16 ce 6e 81 fa ...... Dell Wireless 1490 Dual Band WLAN Mini-Card
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    255.255.255.255 255.255.255.255 255.255.255.255 30004 1
    255.255.255.255 255.255.255.255 255.255.255.255 10003 1
    255.255.255.255 255.255.255.255 255.255.255.255 10005 1
    ===========================================================================
    Persistent Routes:
    None

    **** End of log ****
  3. Broni Malware Annihilator Posts: 39,349   +175

    When you get home, I want you to get an Ethernet cable and see if you can connect that way.
  4. CadDog Newcomer, in training Posts: 51

    Well, to my surprise, I wasn't able to connect...
    While the local area connection status showed that it was connected
    again I was able to get on the internet...

    It was showing the same problem with not being able to acquire network address...

    I thought for sure I would be able to hard wire connect... :(

    What now...???

    Do you think I still have a virus on this laptop...?
    Again, before I posted here I ran ComboFix, which claimed that it found Root###Access...
    Do you think that may be it...

    Sorry for trying to do your job, but I just wanted to let you know what I had done and found before I started this thread.

    Thanks
  5. Broni Malware Annihilator Posts: 39,349   +175

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
  6. CadDog Newcomer, in training Posts: 51

    Step 1 Done...

    Downloaded and installed Avast and rebooted...

    Step 2 Done...

    Ran Malwarebytes Anti-Malware...

    Here is that report:

    =============
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.30.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.11
    User :: DJSYSTEM02 [administrator]

    Protection: Enabled

    5/4/2012 6:39:22 PM
    mbam-log-2012-05-04 (18-39-22).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 207318
    Time elapsed: 10 minute(s), 20 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  7. CadDog Newcomer, in training Posts: 51

    Step Done...

    Downloaded and ran GMER...

    Here is the report:
    ============
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-05-04 19:01:59
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721080G9SA00 rev.MC4OC10H
    Running: p5wl2qnt.exe; Driver: C:\DOCUME~1\JESSEW~1\LOCALS~1\Temp\kglcyaob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA83CA28E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA83CA0F9]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
  8. CadDog Newcomer, in training Posts: 51

    Step 4...

    Downloaded and ran DDS...

    Here are both of the reports:
    ===================================
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_31
    Run by CadDog at 19:10:09 on 2012-05-04
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2546 [GMT -7:00]
    .
    AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dlcccoms.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.msn.com
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
    TB: ReadingBar: {5420be57-2ed4-4f4f-9eb9-381cec2290e7} - c:\program files\readbar\ReadBar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    IE: Free YouTube to MP3 Converter - c:\documents and settings\CadDog\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
    IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
    IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315245314984
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279586973984
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280681180375
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli scecli
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\CadDog\application data\mozilla\firefox\profiles\4uvg2s5g.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-17 239168]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-17 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-17 656320]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-4 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-4 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-4 20696]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-4 44768]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-26 654408]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-5 22344]
    S0 27754183;27754183;c:\windows\system32\drivers\61567167.sys --> c:\windows\system32\drivers\61567167.sys [?]
    S2 mpfirewl;Mr2kserv;c:\windows\system32\svchost.exe -k netsvcs [2002-9-3 14336]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-4-17 366840]
    S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-4-17 1150936]
    S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
    .
    =============== Created Last 30 ================
    .
    2012-05-05 01:32:30 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-05-05 01:32:02 41184 ----a-w- c:\windows\avastSS.scr
    2012-05-05 01:31:41 -------- d-----w- c:\program files\AVAST Software
    2012-05-05 01:31:41 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2012-05-04 00:00:10 -------- d-----w- c:\windows\system32\NtmsData
    2012-05-03 23:48:00 -------- d-----w- c:\windows\system32\CatRoot2
    2012-05-02 23:43:47 98816 ----a-w- c:\windows\sed.exe
    2012-05-02 23:43:47 518144 ----a-w- c:\windows\SWREG.exe
    2012-05-02 23:43:47 256000 ----a-w- c:\windows\PEV.exe
    2012-05-02 23:43:47 208896 ----a-w- c:\windows\MBR.exe
    2012-05-02 01:15:13 -------- d-----w- c:\program files\My Company Name
    2012-05-02 00:49:34 -------- d-----w- c:\documents and settings\CadDog\local settings\application data\Toshiba
    2012-05-02 00:46:52 73600 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
    2012-05-02 00:46:52 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
    2012-05-02 00:46:52 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
    2012-05-02 00:46:51 36480 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys
    2012-05-02 00:46:51 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys
    2012-05-02 00:46:50 64896 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
    2012-05-02 00:46:50 41600 ----a-w- c:\windows\system32\drivers\tosporte.sys
    2012-05-02 00:46:33 -------- d-----w- c:\program files\Toshiba
    2012-05-02 00:44:37 31744 ----a-w- c:\windows\system32\drivers\csrbcxp.sys
    .
    ==================== Find3M ====================
    .
    2012-05-05 01:56:46 4766 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-04 20:03:17 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-04-01 17:57:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-01 17:57:16 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-02-25 22:55:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-25 22:55:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-19 22:13:47 8768200 ----a-w- c:\program files\common files\lpuninstall.exe
    .
    ============= FINISH: 19:10:59.12 ===============
  9. CadDog Newcomer, in training Posts: 51

    Second File: (attach.txt)
    =====================
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/9/2007 10:34:29 PM
    System Uptime: 5/4/2012 6:51:47 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0NF743
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 1828/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 42.912 GiB free.
    D: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Modem Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&346F9A3C&0&0102
    Manufacturer:
    Name: Modem Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&346F9A3C&0&0102
    Service:
    .
    ==== System Restore Points ===================
    .
    RP49: 2/25/2012 2:54:42 PM - Restore Operation
    RP50: 2/25/2012 2:54:49 PM - Removed Java(TM) 6 Update 11
    RP51: 2/25/2012 2:55:27 PM - Installed Java(TM) 6 Update 31
    RP52: 3/2/2012 4:24:57 PM - Installed Ultra Hal Text-to-Speech Reader
    RP53: 3/3/2012 9:37:45 PM - System Checkpoint
    RP54: 3/5/2012 1:24:33 PM - System Checkpoint
    RP55: 3/10/2012 12:49:03 PM - Removed Ultra Hal Text-to-Speech Reader
    RP56: 3/12/2012 9:27:51 AM - System Checkpoint
    RP57: 3/12/2012 6:34:27 PM - Spyware Doctor: Cleaning Threats
    RP58: 3/12/2012 6:42:52 PM - Installed VirtualDJ PRO Full
    RP59: 3/16/2012 6:13:49 PM - System Checkpoint
    RP60: 3/17/2012 2:22:32 PM - Spyware Doctor: Cleaning Threats
    RP61: 3/17/2012 3:21:27 PM - Spyware Doctor: Cleaning Threats
    RP62: 3/30/2012 11:14:53 PM - Installed Dell Driver Reset Tool
    RP63: 4/1/2012 10:42:34 AM - Spyware Doctor: Cleaning Threats
    RP64: 4/2/2012 8:08:18 PM - Spyware Doctor: Cleaning Threats
    RP65: 4/2/2012 8:09:32 PM - Spyware Doctor: Cleaning Threats
    RP66: 4/2/2012 8:10:32 PM - Spyware Doctor: Cleaning Threats
    RP67: 4/3/2012 5:34:55 PM - Spyware Doctor: Cleaning Threats
    RP68: 4/3/2012 5:35:53 PM - Spyware Doctor: Cleaning Threats
    RP69: 4/14/2012 9:13:12 AM - Restore Operation
    RP70: 4/14/2012 9:14:37 AM - Restore Operation
    RP71: 4/14/2012 9:40:46 AM - Restore Operation
    RP72: 4/22/2012 9:29:21 PM - Restore Operation
    RP73: 4/24/2012 2:29:50 PM - System Checkpoint
    RP74: 5/1/2012 5:46:29 PM - Installed Bluetooth Stack for Windows by Toshiba
    RP75: 5/3/2012 11:13:40 AM - System Checkpoint
    RP76: 5/4/2012 6:31:41 PM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ares 2.1.7
    Audiograbber 1.83 SE
    Audiograbber MP3 Plugin
    avast! Free Antivirus
    Bluetooth Stack for Windows by Toshiba
    Broadcom 440x 10/100 Integrated Controller
    CCleaner
    Compatibility Pack for the 2007 Office system
    Delicious Add-on for Internet Explorer
    Dell Driver Reset Tool
    Dell Photo AIO Printer 924
    Dell Wireless WLAN Card
    FolderSync 1.1
    Free YouTube to MP3 Converter version 3.10.14.1206
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Java Auto Updater
    Java(TM) 6 Update 31
    L&H TTS3000 British English
    L&H TTS3000 Deutsch
    L&H TTS3000 Español
    L&H TTS3000 Français
    L&H TTS3000 Italiano
    L&H TTS3000 Nederlands
    LastPass (uninstall only)
    Lernout & Hauspie TruVoice American English TTS Engine
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Compact Framework 2.0 SP1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 11.0 (x86 en-US)
    Multiple File Search and Replace
    muvee Reveal Seagate Edition
    Notepad++
    PCDJ DAC-2 USB Drivers
    PCDJ Red
    PCDJ Red 5.2
    QuickTime
    ReadPlease 2003/ReadPlease PLUS 2003
    Seagate Manager Installer
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    SigmaTel Audio
    Sony Media Manager 2.1
    Spyware Doctor with AntiVirus 8.0
    TagScanner 5.1.605
    Tango
    TreeSize Professional 2.43
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Virtual DJ - Atomix Productions
    Virtual DJ Pro Full - Atomix Productions
    VirtualDJ PRO Full
    WavePad Uninstall
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/4/2012 5:30:50 PM, error: PSched [14107] - QoS [Adapter {0F146D1C-DAEC-47A7-8447-53931ED9F84C}]: The Packet Scheduler could not initialize the virtual miniport with NDIS.
    5/3/2012 8:04:46 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library USB DISK 2.0 USB Device.
    5/3/2012 5:01:00 PM, error: Service Control Manager [7023] - The Background Intelligent Transfer Service service terminated with the following error: The system cannot find the file specified.
    5/2/2012 4:58:40 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    5/2/2012 4:58:10 PM, error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: Unspecified error
    5/2/2012 4:58:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Windowblinds service terminated with the following error: The specified module could not be found.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Wceusbsh service terminated with the following error: The system cannot find the file specified.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Vstor2-ws60 service terminated with the following error: The specified module could not be found.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Swmsflt service terminated with the following error: The specified module could not be found.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Sscdbhk5 service terminated with the following error: The specified module could not be found.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The SE2Bbus service terminated with the following error: The system cannot find the file specified.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The RapiMgr service terminated with the following error: The system cannot find the file specified.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Perfdisk service terminated with the following error: The system cannot find the file specified.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Mxnic service terminated with the following error: The system cannot find the file specified.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Mr2kserv service terminated with the following error: The specified module could not be found.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Klblmain service terminated with the following error: The specified module could not be found.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Icam4usb service terminated with the following error: The specified module could not be found.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Iam service terminated with the following error: The specified module could not be found.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Ghostsec service terminated with the following error: The specified module could not be found.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The E1000 service terminated with the following error: The system cannot find the file specified.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Djsnetcn service terminated with the following error: The system cannot find the file specified.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Cdfsvc service terminated with the following error: The specified module could not be found.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The A016bus service terminated with the following error: The system cannot find the file specified.
    5/2/2012 4:58:00 PM, error: Service Control Manager [7001] - The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    5/2/2012 4:13:45 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: The system cannot find the file specified.
    5/2/2012 4:13:45 PM, error: Service Control Manager [7000] - The AFD Networking Support Environment service failed to start due to the following error: The system cannot find the file specified.
    5/2/2012 4:08:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32
    5/2/2012 4:08:36 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.
    5/2/2012 4:08:36 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
    5/2/2012 4:08:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    5/2/2012 4:08:36 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    5/2/2012 2:50:58 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    5/2/2012 2:16:19 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: The system cannot find the file specified.
    5/2/2012 1:27:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: The system cannot find the file specified.
    5/2/2012 1:27:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    5/1/2012 6:30:19 PM, error: Server [2505] - The server could not bind to the transport \Device\NwlnkNb because another computer on the network has the same name. The server could not start.
    5/1/2012 4:39:42 PM, error: BTHUSB [17] - The local Bluetooth radio has failed in an undetermined manner and will be unloaded.
    .
    ==== End Of File ===========================
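
Added example, not part of the original posts: the Service Control Manager entries in the log above include services that failed only because a dependency did not start, and this Python code groups the 7001/7000/7026 lines by the dependency that failed. The regular expressions assume the "date time, error: source [id] - message" layout of that log, the sample lines are excerpted from it, and the function name `triage` is hypothetical.

```python
import re
from collections import defaultdict

# Lines excerpted from the event log posted above (same layout, same text).
SAMPLE = """\
5/2/2012 4:13:45 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: The system cannot find the file specified.
5/2/2012 4:13:45 PM, error: Service Control Manager [7000] - The AFD Networking Support Environment service failed to start due to the following error: The system cannot find the file specified.
5/2/2012 4:08:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32
5/2/2012 4:08:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
5/2/2012 1:27:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: The system cannot find the file specified.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Iam service terminated with the following error: The specified module could not be found.
"""

LINE = re.compile(r"^[^,]+, error: Service Control Manager \[(?P<id>\d+)\] - (?P<msg>.*)$")
DEPENDS = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
                     r"which failed to start because of the following error: (?P<err>.*)$")
FAILED = re.compile(r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.*)$")
DRIVERS = re.compile(r"^The following boot-start or system-start driver\(s\) failed to load: (?P<names>.*)$")


def triage(log_text):
    """Return (roots, direct, drivers) from Service Control Manager error lines."""
    blocked = defaultdict(set)  # failed dependency -> services it kept from starting (7001)
    direct = {}                 # service -> error from its own start failure (7000)
    drivers = set()             # boot/system-start drivers that failed to load (7026)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        eid, msg = m["id"], m["msg"]
        if eid == "7001" and (d := DEPENDS.match(msg)):
            blocked[d["dep"]].add(d["svc"])
        elif eid == "7000" and (f := FAILED.match(msg)):
            direct[f["svc"]] = f["err"]
        elif eid == "7026" and (b := DRIVERS.match(msg)):
            drivers.update(b["names"].split())
    # A root cause is a failed dependency that is not itself waiting on another service.
    waiting = {svc for svcs in blocked.values() for svc in svcs}
    roots = {dep: sorted(svcs) for dep, svcs in blocked.items() if dep not in waiting}
    return roots, direct, drivers


if __name__ == "__main__":
    roots, direct, drivers = triage(SAMPLE)
    for dep, svcs in roots.items():
        print(f"{dep}: blocks {', '.join(svcs)}; own error: {direct.get(dep, 'not logged')}")
    print("Drivers that failed to load:", ", ".join(sorted(drivers)))
```
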
  10. CadDog Newcomer, in training Posts: 51

    Step 5...

    See above Logs...

    Let me know if I missed any...

    Thanks
  11. Broni Malware Annihilator Posts: 39,349   +175

    You're running three AV programs, Spyware Doctor with AntiVirus, Avast and McAfee.
    You must uninstall TWO of them.
    If McAfee is one of them use this tool to uninstall it: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

    When done....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  12. Broni Malware Annihilator Posts: 39,349   +175

    We posted at the same time....
  13. CadDog Newcomer, in training Posts: 51

    Removed two of the programs as directed.

    Here is the aswMBR report:
    ====================
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-05 07:20:27
    -----------------------------
    07:20:27.453 OS Version: Windows 5.1.2600 Service Pack 3
    07:20:27.453 Number of processors: 2 586 0xE08
    07:20:27.453 ComputerName: DJSYSTEM02 UserName:
    07:20:28.031 Initialize success
    07:20:28.218 AVAST engine defs: 12030600
    07:20:51.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    07:20:51.921 Disk 0 Vendor: Hitachi_HTS721080G9SA00 MC4OC10H Size: 76319MB BusType: 3
    07:20:51.921 Disk 0 MBR read successfully
    07:20:51.921 Disk 0 MBR scan
    07:20:51.921 Disk 0 Windows XP default MBR code
    07:20:51.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
    07:20:51.921 Disk 0 scanning sectors +156296385
    07:20:52.031 Disk 0 scanning C:\WINDOWS\system32\drivers
    07:21:04.968 Service scanning
    07:21:21.640 Modules scanning
    07:21:27.296 Disk 0 trace - called modules:
    07:21:27.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    07:21:27.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae858f0]
    07:21:27.312 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000081[0x8ad943b8]
    07:21:27.312 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8adaf940]
    07:21:27.859 AVAST engine scan C:\WINDOWS
    07:21:35.937 AVAST engine scan C:\WINDOWS\system32
    07:23:30.343 AVAST engine scan C:\WINDOWS\system32\drivers
    07:23:40.750 AVAST engine scan C:\Documents and Settings\Jesse Wheat
    07:28:39.640 AVAST engine scan C:\Documents and Settings\All Users
    07:28:58.078 Scan finished successfully
    07:29:44.781 Disk 0 MBR has been saved successfully to "F:\! 01 A Problem\MBR.dat"
    07:29:44.812 The log file has been saved successfully to "F:\! 01 A Problem\aswMBR.txt"

    =========
    I also saved a copy of both MBR.dat and aswMBR.txt on my desktop...
  14. CadDog Newcomer, in training Posts: 51

    Here is the Bootkit report:
    ==================
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  15. Broni Malware Annihilator Posts: 39,349   +175

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  16. CadDog Newcomer, in training Posts: 51

    ComboFix is telling me through a dialog that
    both McAfee and Spyware are running
    but I have uninstalled them on the steps above.
    I also checked control "add and remove"; I didn't see these there...
    I stopped ComboFix and turned my laptop off for a minute
    and tried to run ComboFix again and got the same message...

    What should I do...???
  17. Broni Malware Annihilator Posts: 39,349   +175

    If Combofix just warns you but it'll run go for it.
  18. CadDog Newcomer, in training Posts: 51

    ComboFix stated "the above are active"
    I hit ok

    The laptop does not have Recovery Console installed. An existing installation of the Recovery Console may be present but requires updating.

    Without it, ComboFix shall not attempt the fixing of some serious infections.

    check YES to have ComboFix download/install it.

    Note: this requires an active internet connection...
    (Which I don't have at this time. What should I do...???)

    Do I select Yes knowing I don't have a connection or
    No...???

    Sorry for all these small questions...
  19. Broni Malware Annihilator Posts: 39,349   +175

    Skip Recovery Console installation.
  20. CadDog Newcomer, in training Posts: 51

    I selected NO...
    It is running now...

    ComboFix...

    Now it states:

    That I have RootkitZeroAccess
    which has installed itself into the tcp/ip...

    ComboFix... continued myself...

    Now ... is rebooting...

    (sorry, the other steps didn't have so many warnings and dialogs coming up)

    NOTE: I'm using a flash drive to load all these programs..

    ComboFix... is continuing to run...

    It is now going through Stage_1.... etc...