TechSpot

Sirefef trojans and other junk

Inactive
By Maddogg
Aug 13, 2012
  1. Just got my moms laptop and it seems to be really messed up. She had no virus protection so I put eset on it and got rid of some of the trojans but some are still on it atm will post logs in next replys
  2. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.13.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Liz :: LIZ-9E9B10 [administrator]

    8/12/2012 10:30:02 PM
    mbam-log-2012-08-12 (22-30-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198687
    Time elapsed: 22 minute(s), 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Liz\Local Settings\Application Data\{20775727-bc00-6179-def8-111ea385dca2}\n. -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{20775727-bc00-6179-def8-111ea385dca2}\n.) Good: (wbemess.dll) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Documents and Settings\Liz\Local Settings\Temp\14.tmp (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Liz\Local Settings\Temp\A.tmp (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.
    C:\WINDOWS\Installer\{20775727-bc00-6179-def8-111ea385dca2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\wpbt0.dll (Exploit.Drop.GS) -> Quarantined and deleted successfully.

    (end)
  3. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-13 00:26:32
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST960821A rev.3.02
    Running: gmer.exe; Driver: C:\DOCUME~1\Liz\LOCALS~1\Temp\fwliyfow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 82A792E2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-4 82A792E2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 82A792E2

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

    ---- EOF - GMER 1.0.15 ----
  4. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Liz at 0:27:12 on 2012-08-13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.120 [GMT -7:00]
    .
    AV: ESET Smart Security 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HPQ\shared\hpqwmi.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: mswsock.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxsrvc.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\liz\application data\mozilla\firefox\profiles\onrjgfup.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\liz\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7 913144]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-13 113120]
    .
    =============== Created Last 30 ================
    .
    2012-08-13 05:25:50 -------- d-----w- c:\documents and settings\liz\application data\Malwarebytes
    2012-08-13 05:24:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-08-13 05:24:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-13 05:24:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-12 23:57:27 -------- d-----w- c:\documents and settings\liz\local settings\application data\ESET
    2012-08-12 23:57:27 -------- d-----w- c:\documents and settings\liz\application data\ESET
    2012-08-12 23:27:17 -------- d-----w- c:\program files\ESET
    2012-07-30 23:43:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-30 23:43:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-20 21:31:45 -------- d-----w- c:\documents and settings\liz\local settings\application data\WMTools Downloaded Files
    .
    ==================== Find3M ====================
    .
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST960821A rev.3.02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82A794B1]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82a8093c]; MOV EAX, [0x82a80ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x82BD78C8]
    3 CLASSPNP[0xF84D4FD7] -> ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\00000076[0x82BD8650]
    5 ACPI[0xF834B620] -> ntkrnlpa!IofCallDriver[0x804EE140] -> [0x82BE6D98]
    \Driver\atapi[0x82AC6F38] -> IRP_MJ_CREATE -> 0x82A794B1
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x82A792E2
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 0:29:07.37 ===============
  5. Maddogg

    Maddogg TS Rookie Topic Starter Posts: 23

    And last DDS Attach
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/15/2009 5:01:07 PM
    System Uptime: 8/12/2012 11:57:41 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 09BC
    Processor: Intel(R) Pentium(R) M processor 1.60GHz | U1 | 1596/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 40.64 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Mass Storage Controller
    Device ID: PCI\VEN_104C&DEV_8033&SUBSYS_3081103C&REV_00\4&1D3F0FBB&0&33F0
    Manufacturer:
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_104C&DEV_8033&SUBSYS_3081103C&REV_00\4&1D3F0FBB&0&33F0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP235: 5/24/2012 11:53:24 AM - Software Distribution Service 3.0
    RP236: 5/24/2012 1:38:37 PM - Software Distribution Service 3.0
    RP237: 5/24/2012 9:27:51 PM - Software Distribution Service 3.0
    RP238: 5/26/2012 2:33:05 PM - Software Distribution Service 3.0
    RP239: 5/27/2012 8:46:29 PM - System Checkpoint
    RP240: 5/29/2012 9:53:30 PM - System Checkpoint
    RP241: 6/2/2012 7:45:56 AM - System Checkpoint
    RP242: 6/4/2012 9:09:11 PM - System Checkpoint
    RP243: 6/4/2012 9:28:38 PM - Software Distribution Service 3.0
    RP244: 6/13/2012 11:40:47 PM - Software Distribution Service 3.0
    RP245: 6/15/2012 5:29:45 PM - System Checkpoint
    RP246: 6/16/2012 7:29:15 PM - System Checkpoint
    RP247: 6/18/2012 12:33:13 PM - System Checkpoint
    RP248: 6/20/2012 12:15:45 PM - System Checkpoint
    RP249: 7/4/2012 3:09:26 PM - System Checkpoint
    RP250: 7/11/2012 9:03:12 PM - System Checkpoint
    RP251: 7/12/2012 10:05:57 AM - Software Distribution Service 3.0
    RP252: 7/17/2012 7:49:13 PM - System Checkpoint
    RP253: 7/20/2012 2:22:03 PM - System Checkpoint
    RP254: 7/30/2012 4:29:00 PM - Software Distribution Service 3.0
    RP255: 8/12/2012 2:58:37 PM - Removed SUPERAntiSpyware Free Edition
    RP256: 8/12/2012 4:27:11 PM - Installed ESET Smart Security
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat and Reader 6.0.3 Update
    Adobe Acrobat and Reader 6.0.4 Update
    Adobe Acrobat and Reader 6.0.5 Update
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 6.0.1
    Agere Systems AC'97 Modem
    ALPS Touch Pad Driver
    Apple Application Support
    Apple Mobile Device Support
    Broadcom 802.11 Wireless LAN Adapter
    ESET Smart Security
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Help and Support
    HP Update
    HP Wireless Assistant 1.01 A3
    Intel(R) Graphics Media Accelerator Driver for Mobile
    InterActual Player
    InterVideo WinDVD
    iTunes
    J2SE Runtime Environment 5.0 Update 2
    Java Auto Updater
    Java(TM) 6 Update 26
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft Silverlight
    Move Media Player
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 4.0 - SE
    Quick Launch Buttons 5.10 A2
    QuickTime
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    SoundMAX
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    Yahoo! Detect
    Zone Deluxe Games
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/9/2012 8:35:26 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0012F0B2B4BE has been denied by the DHCP server 172.16.0.199 (The DHCP Server sent a DHCPNACK message).
    8/8/2012 1:01:08 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    8/7/2012 9:27:51 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/7/2012 9:27:46 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0012F0B2B4BE. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    8/13/2012 12:01:40 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    8/12/2012 2:59:15 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    8/12/2012 11:59:36 PM, error: System Error [1003] - Error code 10000050, parameter1 ff46700b, parameter2 00000000, parameter3 a601bbc2, parameter4 00000000.
    8/12/2012 10:59:54 PM, error: Service Control Manager [7034] - The HP WMI Interface service terminated unexpectedly. It has done this 1 time(s).
    8/12/2012 10:59:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    8/12/2012 10:59:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ESET Service service to connect.
    8/12/2012 10:59:34 PM, error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/12/2012 10:58:56 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    8/12/2012 1:58:57 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0012F0B2B4BE has been denied by the DHCP server 10.0.1.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello!

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • type exit and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.