Inactive [A] Have system check virus and all programs and files gone


truthandlife

I have the system check virus and all of my programs and files are hidden or gone. I can get into safe mode but cannot get into regular mode. What do I need to share with you to see if I can get rid of this? Thank you.
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
Use another working computer and a USB flash drive to transfer the necessary tools to the bad computer.
Safe mode will be fine for now.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware log - I do the steps and it says "no access"

GMER log - Nothing recorded

DDS logs: both DDS.txt (below)

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by c00nej at 21:54:35 on 2012-02-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.803 [GMT -6:00]
.
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\c00nej\Local Settings\Temporary Internet Files\Content.IE5\U2P9EEHH\rkill[1].exe
C:\DOCUME~1\c00nej\LOCALS~1\Temp\RarSFX6\nird\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://iConnect.thermofisher.net/
uDefault_Page_URL = hxxp://iConnect.thermofisher.net/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111229073943.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MeetingLauncher] "c:\program files\meeting center\modules\launcher\mcLauncher.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AClntUsr] c:\altiris\aclient\AClntUsr.EXE
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [Tpam.exe] "c:\program files\ibm\personal communications\tpam.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [CAF_SystemTray] "c:\program files\ca\dsm\bin\cfSysTray.exe"
mRun: [DsmSxplog] "c:\program files\ca\dsm\bin\sxpstub.exe"
mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hxmihOGCcujDAx.exe] c:\documents and settings\all users\application data\hxmihOGCcujDAx.exe
StartupFolder: c:\docume~1\c00nej\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
mPolicies-system: MaxGPOScriptWait = 1800 (0x708)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: hp.com\ppm-thermofisher.saas
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325720141061
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ras-amer.thermofisher.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AF385598-3D61-43AC-B9D2-097B477AC2D7} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FF1DC956-5C58-4137-A144-2C9E2C9DCDBD} : DhcpNameServer = 10.0.1.15 10.0.20.46
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Notify: atmgrtok - atmgrtok.dll
Notify: pcsinst - pcsinst.dll
Notify: rcHostExt - c:\program files\ca\dsm\bin\rcLoginExt.dll
AppInit_DLLs: AMINIT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\c00nej\application data\mozilla\firefox\profiles\2ytw07r4.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\meeting center\modules\firefox\plugins\npMCInstall.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-12-29 461864]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2011-11-3 17968]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-12-29 89624]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-12-29 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-29 148520]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2011-12-29 240344]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-12-29 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-28 83720]
S1 CCDevice;CCDevice;c:\windows\system32\drivers\CCDevice.sys [2005-3-23 9216]
S2 CA-MessageQueuing;CA Message Queuing Server;c:\program files\ca\shared components\cam\bin\cam.exe [2011-12-29 181512]
S2 CA-SAM-Pmux;CA Connection Broker;c:\program files\ca\sc\csam\sockadapter\bin\CSAMPmux.exe [2009-1-23 159744]
S2 caf;CA DSM r12 Common Application Framework;c:\program files\ca\dsm\bin\CAF.exe [2009-10-3 195848]
S2 CASPLiteAgent;CA Systems Performance LiteAgent;c:\program files\ca\sc\systems performance liteagent\bin\casplitegent.exe [2009-2-12 135168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2011-9-12 488824]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-6-24 136704]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-1-4 99896]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2011-10-24 165440]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-12-29 166024]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-12-29 113664]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-12-29 33832]
S3 FireNfcp;McAfee Inc. FireNfcp;c:\windows\system32\drivers\FireNfcp.sys [2011-12-29 39336]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2011-12-29 145616]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-12-29 180072]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-12-29 59288]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-28 83720]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-29 87808]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2012-1-4 17408]
S3 rcSmCard;rcSmCard;c:\windows\system32\drivers\rcSmCard.sys [2009-10-3 26128]
S3 rcVidCap;rcVidCap;c:\windows\system32\drivers\rcVidMpt.sys [2009-10-3 9872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2011-11-3 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-05 04:46:17 610070 ---ha-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-05 04:44:29 349184 ---ha-w- c:\documents and settings\all users\application data\yBsRpV4UqaHMCP.exe
2012-02-05 01:11:10 -------- d--h--w- c:\documents and settings\all users\application data\PC Tools
2012-02-04 23:55:08 -------- d--h--w- c:\program files\ESET
2012-02-04 23:38:31 -------- d--h--w- C:\_OTL
2012-02-04 20:11:25 441344 ---ha-w- c:\documents and settings\all users\application data\hxmihOGCcujDAx.exe
2012-01-27 21:41:44 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-01-27 21:41:44 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-01-27 21:41:44 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-01-27 21:41:44 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-01-27 21:41:44 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-01-27 21:41:43 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-01-27 21:41:43 159744 ---ha-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-01-27 21:40:01 -------- d--h--w- c:\documents and settings\c00nej\local settings\application data\Apple
2012-01-27 21:39:37 -------- d--h--w- c:\documents and settings\c00nej\local settings\application data\Apple Computer
2012-01-24 10:22:10 -------- d--h--w- c:\program files\MSXML 4.0
2012-01-24 02:08:42 -------- d--h--w- c:\documents and settings\c00nej\application data\Windows Search
2012-01-16 03:24:07 -------- d--h--w- c:\program files\CCleaner
2012-01-13 22:17:51 -------- d--h--w- c:\documents and settings\c00nej\application data\Xerox
2012-01-13 16:12:16 -------- d--h--w- c:\documents and settings\c00nej\local settings\application data\Evernote
2012-01-12 21:26:07 185920 ---ha-w- c:\program files\mozilla firefox\distribution\bundles\{b7082faa-cb62-4872-9106-e42dd88ede45}\components\McFFPlg.dll
2012-01-12 00:19:16 4448256 ---ha-w- c:\windows\system32\GPhotos.scr
2012-01-10 04:53:59 319488 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp02t.dll
2012-01-10 04:53:58 125440 ---ha-w- c:\windows\system32\hpf3l02t.dll
2012-01-10 04:53:43 15104 -c-ha-w- c:\windows\system32\dllcache\usbscan.sys
2012-01-10 04:53:43 15104 ---ha-w- c:\windows\system32\drivers\usbscan.sys
2012-01-10 04:53:15 -------- d--h--w- c:\program files\Microsoft
2012-01-10 04:52:37 -------- d--h--w- c:\program files\Bing Bar Installer
2012-01-10 04:52:09 -------- d--h--w- c:\program files\common files\HP
2012-01-10 04:52:09 -------- d--h--w- c:\program files\common files\Hewlett-Packard
2012-01-10 04:51:34 454504 ---ha-w- c:\windows\system32\hpzids01.dll
2012-01-10 04:51:32 21568 ---ha-w- c:\windows\system32\drivers\HPZius12.sys
2012-01-10 04:51:31 49920 ---ha-w- c:\windows\system32\drivers\HPZid412.sys
2012-01-10 04:51:31 16496 ---ha-w- c:\windows\system32\drivers\HPZipr12.sys
2012-01-10 04:51:30 970752 ---ha-w- c:\windows\system32\hpwtiop4.dll
2012-01-10 04:51:30 718336 ---ha-w- c:\windows\system32\hpwwiax5.dll
2012-01-10 04:51:30 372736 ---ha-w- c:\windows\system32\hppldcoi.dll
2012-01-10 04:51:30 294912 ---ha-w- c:\windows\system32\hpovst11.dll
2012-01-08 19:16:57 -------- d--h--w- c:\documents and settings\c00nej\local settings\application data\Google
2012-01-07 20:40:45 -------- d--h--w- c:\documents and settings\c00nej\application data\Malwarebytes
2012-01-07 20:40:33 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-07 20:40:32 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-07 20:40:32 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2012-01-07 20:31:55 -------- d--h--w- C:\Quarantine
.
==================== Find3M ====================
.
2012-02-04 17:58:11 2401 ---ha-w- c:\windows\system32\drivers\AlKernel.sys
2012-01-03 21:12:32 13844000 ---ha-w- c:\program files\common files\lpuninstall.exe
2012-01-03 21:05:53 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-29 13:38:39 89624 ---ha-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-12-29 13:38:39 87808 ---ha-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-29 13:38:39 148520 ---ha-w- c:\windows\system32\mfevtps.exe
2011-12-29 13:38:38 9344 ---ha-w- c:\windows\system32\drivers\mfeclnk.sys
2011-12-29 13:38:38 74848 ---ha-w- c:\windows\system32\MfeOtlkAddin.dll
2011-12-29 13:38:38 59288 ---ha-w- c:\windows\system32\drivers\mfebopk.sys
2011-12-29 13:38:38 461864 ---ha-w- c:\windows\system32\drivers\mfehidk.sys
2011-12-29 13:38:38 22816 ---ha-w- c:\windows\system32\MFEOtlk.dll
2011-12-29 13:38:38 180072 ---ha-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-29 13:38:38 119968 ---ha-w- c:\windows\system32\drivers\mfeapfk.sys
2011-12-29 13:24:21 21419 ---ha-w- c:\windows\system32\drivers\iPassP.sys
2011-11-25 21:57:19 293376 ---ha-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ---ha-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ---ha-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ---ha-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ---ha-w- c:\windows\system32\schannel.dll
2011-11-11 02:07:59 99896 ---ha-w- c:\windows\system32\HPSIsvc.exe
.
============= FINISH: 22:01:01.21 ===============
 
Attach.txt (below)


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2011 7:05:51 AM
System Uptime: 2/4/2012 10:53:01 PM (24 hours ago)
.
Motherboard: Dell Inc. | | 0RX495
Processor: Intel Pentium III Xeon processor | Microprocessor | 2393/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 21.012 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 3600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 3600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 4700
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 4700
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp color LaserJet 4650
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 4650
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P4014
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4014
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 4700
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 4700
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 2840
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 2840
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 4700
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 4700
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4100 Series
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
6500_E709_BasicWeb
6500_E709_Help_BasicWeb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player
Altiris Application Metering Agent
Altiris Carbon Copy Solution Agent
Altiris Carbon Copy Solution Agent 6.1
Altiris PC Transplant Capture Agent
Altiris Software Delivery Solution Agent
Altiris Task Synchronization Agent
Apple Application Support
Apple Software Update
bpd_scan
BPDSoftware_Ini
BufferChm
CA Asset Management Performance LiteAgent
CA DSM Agent + Asset Management plugin
CA DSM Agent + Remote Control plugin
CA DSM Agent + Software Delivery plugin
CA Secure Socket Adapter
CA Systems Performance LiteAgent
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell Touchpad
DW WLAN Card Utility
ESET Online Scanner v3
Evernote v. 4.5.2
Gadwin PrintScreen
Genesys Meeting Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP LaserJet Professional P1100-P1560-P1600 Series
HP Officejet 6500 E709 Series
hppLaserJetService
hppP1100P1560P1600SeriesLaserJetService
hppusgP1100P1560P1600Series
HPSSupply
IBM Personal Communications
iPassConnect
J2SE Runtime Environment 5.0 Update 20
Java Auto Updater
Java(TM) 6 Update 20
Juniper Networks Host Checker
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
McAfee Agent
McAfee Host Intrusion Prevention
McAfee SiteAdvisor Enterprise
McAfee VirusScan Enterprise
MetaFrame Presentation Server Client
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel 2007 Get Started Tab
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2007 Get Started Tab
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Viewer 2007
Microsoft Office Word 2007 Get Started Tab
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 10.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
Network
NVIDIA Drivers
Picasa 3
PowerDVD
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/4/2012 9:16:48 AM, error: Dhcp [1002] - The IP address lease 10.73.192.233 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
2/4/2012 5:38:33 PM, error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 1 time(s).
2/4/2012 5:11:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/4/2012 4:26:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CCDevice Fips intelppm
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC X.25 service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC V25bis signalling service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC SDLC service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC SDLC Leased service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC QLLC service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC Mapper service depends on the PDLC X.25 service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC LAPB service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC Hayes At signalling service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC DLC Classes service depends on the PDLC Buffer Manager service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC Connection Manager service depends on the PDLC Message Driver service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC Buffer Manager service depends on the PDLC Message Driver service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The PDLC Adapter Factory service depends on the PDLC Message Driver service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The IBM Enterprise Extender (HPR/IP) service depends on the PDLC OEM Interface service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:26:38 PM, error: Service Control Manager [7001] - The AppnApi service depends on the PDLC Mapper service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 4:25:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/3/2012 5:26:35 AM, error: Dhcp [1002] - The IP address lease 10.73.168.11 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
2/2/2012 7:52:54 AM, error: Dhcp [1002] - The IP address lease 10.73.198.77 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
2/2/2012 6:56:33 AM, error: Dhcp [1002] - The IP address lease 10.73.166.7 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
2/2/2012 6:45:03 AM, error: Dhcp [1002] - The IP address lease 192.168.0.49 for the Network Card with network address 00242B3725CD has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
2/2/2012 12:54:34 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer HOU-C00AFL that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF385598-3D61-43A. The master browser is stopping or an election is being forced.
2/1/2012 8:18:20 PM, error: Dhcp [1002] - The IP address lease 10.73.194.112 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
2/1/2012 7:52:12 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SharedAccess service.
2/1/2012 7:51:42 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
2/1/2012 7:23:37 PM, error: Service Control Manager [7034] - The iPassPeriodicUpdateApp service terminated unexpectedly. It has done this 1 time(s).
2/1/2012 5:19:46 AM, error: Dhcp [1002] - The IP address lease 10.73.196.254 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
2/1/2012 3:29:43 PM, error: NETLOGON [5719] - No Domain Controller is available for domain AMER due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/31/2012 8:23:42 AM, error: Dhcp [1002] - The IP address lease 192.168.1.76 for the Network Card with network address 00242B3725CD has been denied by the DHCP server 10.0.20.14 (The DHCP Server sent a DHCPNACK message).
1/31/2012 7:02:06 AM, error: Dhcp [1002] - The IP address lease 10.73.160.80 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
1/31/2012 10:14:59 PM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed.
1/31/2012 10:14:56 PM, error: Dhcp [1002] - The IP address lease 10.10.23.86 for the Network Card with network address 00242B3725CD has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
1/30/2012 7:59:01 AM, error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s).
1/29/2012 4:36:36 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
1/29/2012 11:40:47 AM, error: Dhcp [1002] - The IP address lease 10.73.163.10 for the Network Card with network address 00FF08508188 has been denied by the DHCP server 10.73.0.71 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Avast was downloaded but will not open

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
Here is the 32. The 64 wouldn't open.

ListParts by Farbar
Ran by c00nej on 06-02-2012 at 19:50:23
Windows XP (X86)
Running From: C:\Documents and Settings\c00nej\Desktop
************************************************************

========================= Memory info ======================

Percentage of memory in use: 33%
Total physical RAM: 2035.83 MB
Available physical RAM: 1356.38 MB
Total Pagefile: 4956.64 MB
Available Pagefile: 4466.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.95 MB

======================= Partitions =========================

1 Drive c: (OSDisk) (Fixed) (Total:74.53 GB) (Free:21.04 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 75 GB 32 KB
Partition 2 Unknown 2544 KB 75 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OSDisk NTFS Partition 75 GB Healthy Boot

Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.


****** End Of Log ******
 
We have TDL rootkit there.

Download GETxPUD.exe to the desktop of your clean computer

  • Double click on GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC, ready to burn the image.
  • Insert blank CD into your CD drive.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Boot bad computer from the CD
  • Press Tool at the top
  • Choose Open Terminal
  • Type parted /dev/sda set 1 boot on
  • Press Enter
  • Type parted /dev/sda rm 2
  • Press Enter
  • Remove xPUD CD, reboot, run aswMBR and post the log
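
Added example, not part of the original posts or of any tool named in this thread: a Python parser for the partition table in a 512-byte MBR sector that flags the layout ListParts reported above, an active, hidden type 17 entry of only 2544 KB beside a non-active Windows partition. The sample sector is constructed from the values in the logs (the partition 1 sector count is a placeholder), and the 16 MiB size threshold is an assumption.

```python
import struct

SECTOR = 512
# MBR type IDs that are the "hidden" variants of FAT/NTFS types (0x17 = hidden NTFS/HPFS).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
SMALL_ACTIVE_BYTES = 16 * 1024 * 1024  # assumption: heuristic threshold, not from the thread


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: wrong length or missing 55 AA signature")
    parts = []
    for i in range(4):
        raw = sector[446 + 16 * i:446 + 16 * (i + 1)]
        # status, (CHS start skipped), type, (CHS end skipped), start LBA, sector count
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0x00:
            parts.append({"index": i + 1, "active": status == 0x80,
                          "type": ptype, "start_lba": start, "sectors": count})
    return parts


def flag_suspicious(parts):
    """List (partition index, reasons) for entries matching the layout in the log."""
    findings = []
    for p in parts:
        reasons = []
        if p["active"] and p["type"] in HIDDEN_TYPES:
            reasons.append("active flag set on a hidden-type partition")
        if p["active"] and p["sectors"] * SECTOR < SMALL_ACTIVE_BYTES:
            reasons.append("active partition is only %d KB" % (p["sectors"] * SECTOR // 1024))
        if reasons:
            findings.append((p["index"], reasons))
    return findings


def build_sample_mbr():
    """Constructed sector mirroring the ListParts log; not a dump of the poster's disk."""
    def entry(status, ptype, start, count):
        return struct.pack("<B3xB3xII", status, ptype, start, count)
    p1_start = 0x7E00 // SECTOR        # offset reported by Bootkit Remover -> LBA 63
    p1_count = 156296322               # constructed placeholder for the ~75 GB volume
    p2_count = 2544 * 1024 // SECTOR   # 2544 KB -> 5088 sectors
    table = entry(0x00, 0x07, p1_start, p1_count) + entry(0x80, 0x17, p1_start + p1_count, p2_count)
    return bytes(446) + table + bytes(32) + b"\x55\xaa"


if __name__ == "__main__":
    for index, reasons in flag_suspicious(parse_mbr(build_sample_mbr())):
        print("Partition %d: %s" % (index, "; ".join(reasons)))
```

Because Bootkit Remover reports the boot code as hidden by the rootkit, a sector read from inside the running Windows install may not be the real one; a sector read from a clean boot environment such as the live CD above is the meaningful input.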
 