Inactive Not acquiring network address

Step 1 Done...

Downloaded and installed Avast and rebooted...

Step 2 Done...

Ran Malwarebytes Anti-Malware...

Here is that report:

=============
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
User :: DJSYSTEM02 [administrator]

Protection: Enabled

5/4/2012 6:39:22 PM
mbam-log-2012-05-04 (18-39-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207318
Time elapsed: 10 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Step Done...

Downloaded and ran Gmer...

Here is the report:
============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-05-04 19:01:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721080G9SA00 rev.MC4OC10H
Running: p5wl2qnt.exe; Driver: C:\DOCUME~1\JESSEW~1\LOCALS~1\Temp\kglcyaob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA83CA28E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA83CA0F9]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
 
Step 4...

Downloaded and ran DDS...

Here are both of the reports:
===================================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_31
Run by CadDog at 19:10:09 on 2012-05-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2546 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dlcccoms.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.msn.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: ReadingBar: {5420be57-2ed4-4f4f-9eb9-381cec2290e7} - c:\program files\readbar\ReadBar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
IE: Free YouTube to MP3 Converter - c:\documents and settings\CadDog\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315245314984
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279586973984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280681180375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\CadDog\application data\mozilla\firefox\profiles\4uvg2s5g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-17 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-17 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-17 656320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-4 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-4 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-4 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-4 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-26 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-5 22344]
S0 27754183;27754183;c:\windows\system32\drivers\61567167.sys --> c:\windows\system32\drivers\61567167.sys [?]
S2 mpfirewl;Mr2kserv;c:\windows\system32\svchost.exe -k netsvcs [2002-9-3 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-4-17 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-4-17 1150936]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
.
=============== Created Last 30 ================
.
2012-05-05 01:32:30 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-05 01:32:02 41184 ----a-w- c:\windows\avastSS.scr
2012-05-05 01:31:41 -------- d-----w- c:\program files\AVAST Software
2012-05-05 01:31:41 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-05-04 00:00:10 -------- d-----w- c:\windows\system32\NtmsData
2012-05-03 23:48:00 -------- d-----w- c:\windows\system32\CatRoot2
2012-05-02 23:43:47 98816 ----a-w- c:\windows\sed.exe
2012-05-02 23:43:47 518144 ----a-w- c:\windows\SWREG.exe
2012-05-02 23:43:47 256000 ----a-w- c:\windows\PEV.exe
2012-05-02 23:43:47 208896 ----a-w- c:\windows\MBR.exe
2012-05-02 01:15:13 -------- d-----w- c:\program files\My Company Name
2012-05-02 00:49:34 -------- d-----w- c:\documents and settings\CadDog\local settings\application data\Toshiba
2012-05-02 00:46:52 73600 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2012-05-02 00:46:52 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2012-05-02 00:46:52 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2012-05-02 00:46:51 36480 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys
2012-05-02 00:46:51 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys
2012-05-02 00:46:50 64896 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2012-05-02 00:46:50 41600 ----a-w- c:\windows\system32\drivers\tosporte.sys
2012-05-02 00:46:33 -------- d-----w- c:\program files\Toshiba
2012-05-02 00:44:37 31744 ----a-w- c:\windows\system32\drivers\csrbcxp.sys
.
==================== Find3M ====================
.
2012-05-05 01:56:46 4766 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 20:03:17 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-01 17:57:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-01 17:57:16 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-02-25 22:55:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-25 22:55:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 22:13:47 8768200 ----a-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 19:10:59.12 ===============
 
Second File: (attach.txt)
=====================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/9/2007 10:34:29 PM
System Uptime: 5/4/2012 6:51:47 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0NF743
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 1828/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 42.912 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&346F9A3C&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&346F9A3C&0&0102
Service:
.
==== System Restore Points ===================
.
RP49: 2/25/2012 2:54:42 PM - Restore Operation
RP50: 2/25/2012 2:54:49 PM - Removed Java(TM) 6 Update 11
RP51: 2/25/2012 2:55:27 PM - Installed Java(TM) 6 Update 31
RP52: 3/2/2012 4:24:57 PM - Installed Ultra Hal Text-to-Speech Reader
RP53: 3/3/2012 9:37:45 PM - System Checkpoint
RP54: 3/5/2012 1:24:33 PM - System Checkpoint
RP55: 3/10/2012 12:49:03 PM - Removed Ultra Hal Text-to-Speech Reader
RP56: 3/12/2012 9:27:51 AM - System Checkpoint
RP57: 3/12/2012 6:34:27 PM - Spyware Doctor: Cleaning Threats
RP58: 3/12/2012 6:42:52 PM - Installed VirtualDJ PRO Full
RP59: 3/16/2012 6:13:49 PM - System Checkpoint
RP60: 3/17/2012 2:22:32 PM - Spyware Doctor: Cleaning Threats
RP61: 3/17/2012 3:21:27 PM - Spyware Doctor: Cleaning Threats
RP62: 3/30/2012 11:14:53 PM - Installed Dell Driver Reset Tool
RP63: 4/1/2012 10:42:34 AM - Spyware Doctor: Cleaning Threats
RP64: 4/2/2012 8:08:18 PM - Spyware Doctor: Cleaning Threats
RP65: 4/2/2012 8:09:32 PM - Spyware Doctor: Cleaning Threats
RP66: 4/2/2012 8:10:32 PM - Spyware Doctor: Cleaning Threats
RP67: 4/3/2012 5:34:55 PM - Spyware Doctor: Cleaning Threats
RP68: 4/3/2012 5:35:53 PM - Spyware Doctor: Cleaning Threats
RP69: 4/14/2012 9:13:12 AM - Restore Operation
RP70: 4/14/2012 9:14:37 AM - Restore Operation
RP71: 4/14/2012 9:40:46 AM - Restore Operation
RP72: 4/22/2012 9:29:21 PM - Restore Operation
RP73: 4/24/2012 2:29:50 PM - System Checkpoint
RP74: 5/1/2012 5:46:29 PM - Installed Bluetooth Stack for Windows by Toshiba
RP75: 5/3/2012 11:13:40 AM - System Checkpoint
RP76: 5/4/2012 6:31:41 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.7
Audiograbber 1.83 SE
Audiograbber MP3 Plugin
avast! Free Antivirus
Bluetooth Stack for Windows by Toshiba
Broadcom 440x 10/100 Integrated Controller
CCleaner
Compatibility Pack for the 2007 Office system
Delicious Add-on for Internet Explorer
Dell Driver Reset Tool
Dell Photo AIO Printer 924
Dell Wireless WLAN Card
FolderSync 1.1
Free YouTube to MP3 Converter version 3.10.14.1206
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java Auto Updater
Java(TM) 6 Update 31
L&H TTS3000 British English
L&H TTS3000 Deutsch
L&H TTS3000 Español
L&H TTS3000 Français
L&H TTS3000 Italiano
L&H TTS3000 Nederlands
LastPass (uninstall only)
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Compact Framework 2.0 SP1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Move Networks Media Player for Internet Explorer
Mozilla Firefox 11.0 (x86 en-US)
Multiple File Search and Replace
muvee Reveal Seagate Edition
Notepad++
PCDJ DAC-2 USB Drivers
PCDJ Red
PCDJ Red 5.2
QuickTime
ReadPlease 2003/ReadPlease PLUS 2003
Seagate Manager Installer
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
SigmaTel Audio
Sony Media Manager 2.1
Spyware Doctor with AntiVirus 8.0
TagScanner 5.1.605
Tango
TreeSize Professional 2.43
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Virtual DJ - Atomix Productions
Virtual DJ Pro Full - Atomix Productions
VirtualDJ PRO Full
WavePad Uninstall
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
5/4/2012 5:30:50 PM, error: PSched [14107] - QoS [Adapter {0F146D1C-DAEC-47A7-8447-53931ED9F84C}]: The Packet Scheduler could not initialize the virtual miniport with NDIS.
5/3/2012 8:04:46 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library USB DISK 2.0 USB Device.
5/3/2012 5:01:00 PM, error: Service Control Manager [7023] - The Background Intelligent Transfer Service service terminated with the following error: The system cannot find the file specified.
5/2/2012 4:58:40 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
5/2/2012 4:58:10 PM, error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: Unspecified error
5/2/2012 4:58:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Windowblinds service terminated with the following error: The specified module could not be found.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Wceusbsh service terminated with the following error: The system cannot find the file specified.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Vstor2-ws60 service terminated with the following error: The specified module could not be found.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Swmsflt service terminated with the following error: The specified module could not be found.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Sscdbhk5 service terminated with the following error: The specified module could not be found.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The SE2Bbus service terminated with the following error: The system cannot find the file specified.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The RapiMgr service terminated with the following error: The system cannot find the file specified.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Perfdisk service terminated with the following error: The system cannot find the file specified.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Mxnic service terminated with the following error: The system cannot find the file specified.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Mr2kserv service terminated with the following error: The specified module could not be found.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Klblmain service terminated with the following error: The specified module could not be found.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Icam4usb service terminated with the following error: The specified module could not be found.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Iam service terminated with the following error: The specified module could not be found.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Ghostsec service terminated with the following error: The specified module could not be found.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The E1000 service terminated with the following error: The system cannot find the file specified.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Djsnetcn service terminated with the following error: The system cannot find the file specified.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The Cdfsvc service terminated with the following error: The specified module could not be found.
5/2/2012 4:58:00 PM, error: Service Control Manager [7023] - The A016bus service terminated with the following error: The system cannot find the file specified.
5/2/2012 4:58:00 PM, error: Service Control Manager [7001] - The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/2/2012 4:13:45 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: The system cannot find the file specified.
5/2/2012 4:13:45 PM, error: Service Control Manager [7000] - The AFD Networking Support Environment service failed to start due to the following error: The system cannot find the file specified.
5/2/2012 4:08:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32
5/2/2012 4:08:36 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.
5/2/2012 4:08:36 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
5/2/2012 4:08:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
5/2/2012 4:08:36 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
5/2/2012 2:50:58 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/2/2012 2:16:19 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: The system cannot find the file specified.
5/2/2012 1:27:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: The system cannot find the file specified.
5/2/2012 1:27:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
5/1/2012 6:30:19 PM, error: Server [2505] - The server could not bind to the transport \Device\NwlnkNb because another computer on the network has the same name. The server could not start.
5/1/2012 4:39:42 PM, error: BTHUSB [17] - The local Bluetooth radio has failed in an undetermined manner and will be unloaded.
.
==== End Of File ===========================
 
You're running three AV programs, Spyware Doctor with AntiVirus, Avast and McAfee.
You must uninstall TWO of them.
If McAfee is one of them use this tool to uninstall it: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

When done....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Removed two of the programs as directed.

Here is the aswMBR report:
====================
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-05 07:20:27
-----------------------------
07:20:27.453 OS Version: Windows 5.1.2600 Service Pack 3
07:20:27.453 Number of processors: 2 586 0xE08
07:20:27.453 ComputerName: DJSYSTEM02 UserName:
07:20:28.031 Initialize success
07:20:28.218 AVAST engine defs: 12030600
07:20:51.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:20:51.921 Disk 0 Vendor: Hitachi_HTS721080G9SA00 MC4OC10H Size: 76319MB BusType: 3
07:20:51.921 Disk 0 MBR read successfully
07:20:51.921 Disk 0 MBR scan
07:20:51.921 Disk 0 Windows XP default MBR code
07:20:51.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
07:20:51.921 Disk 0 scanning sectors +156296385
07:20:52.031 Disk 0 scanning C:\WINDOWS\system32\drivers
07:21:04.968 Service scanning
07:21:21.640 Modules scanning
07:21:27.296 Disk 0 trace - called modules:
07:21:27.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:21:27.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae858f0]
07:21:27.312 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000081[0x8ad943b8]
07:21:27.312 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8adaf940]
07:21:27.859 AVAST engine scan C:\WINDOWS
07:21:35.937 AVAST engine scan C:\WINDOWS\system32
07:23:30.343 AVAST engine scan C:\WINDOWS\system32\drivers
07:23:40.750 AVAST engine scan C:\Documents and Settings\Jesse Wheat
07:28:39.640 AVAST engine scan C:\Documents and Settings\All Users
07:28:58.078 Scan finished successfully
07:29:44.781 Disk 0 MBR has been saved successfully to "F:\! 01 A Problem\MBR.dat"
07:29:44.812 The log file has been saved successfully to "F:\! 01 A Problem\aswMBR.txt"

=========
I also saved a copy of both MBR.dat and aswMBR.txt on my desktop...
 
Here is the Bootkit report:
==================
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix is telling me through a dialog that
both McAfee and Spyware are running
but I have uninstalled them on the steps above.
I also checked control "add and remove"; I didn't see these there...
I stopped ComboFix and turned my laptop off for a minute
and tried to run ComboFix again and got the same message...

What should I do...???
 
ComboFix stated "the above are active"
I hit ok

The laptop does not have Recovery Console installed. An existing installation of the Recovery Console may be present but requires updating.

Without it, ComboFix shall not attempt the fixing of some serious infections.

check YES to have ComboFix download/install it.

Note: this requires an active internet connection...
(Which I don't have at this time. What should I do...???)

Do I select Yes knowing I don't have a connection or
No...???

Sorry for all these small questions...
 
I selected NO...
It is running now...

ComboFix...

Now it states:

That I have RootkitZeroAccess
which has installed itself into the tcp/ip...

ComboFix... continued myself...

Now ... is rebooting...

(sorry, the other steps didn't have so many warnings and dialogs coming up)

NOTE: I'm using a flash drive to load all these programs..

ComboFix... is continuing to run...

It is now going through Stage_1.... etc...
 
Looks like this may take a little while...

ComboFix has been doing Stage_3 for the past 20 minutes...
The hourglass is popping up so I know it's still working...
Wow... just moved to Stage_4...
I best walk away and stop watching...
I will post again once ComboFix has done its work...

Thanks
 
OK I'm a little worried...

It just finished Stage_4...

How many Stages does ComboFix go through...?

I'm only asking because at the top of the AutoScan screen
it states... "that it would typically take 10 minutes but sometimes
easily double"... 10x2=20 but it is way longer than that at Stage_5...

:eek:
 
It just came back and
it said that it needed to do a big search
and it may take a while...

I said OK...

Here are a few files it listed as attempting to restore:
>>> beep.sys
>>> taskmage.exe
>>> msgsve.dll
>>> agp440.sys
>>> asyncmac.sys
>>> comres.dll

This is where it's at now...

Boy...!!! I'm sure glad I found this site.
I would have been able to do this by myself...

:)
 
The laptop just blue screened with this message:
==========================
Technical information:

*** STOP: 0x0000008E (0xC0000005.oxA7DDD5Ao,0xB9444A2C,0x00000000)
*** aswSMX,SYS - Address A7DDD5AO base at A7DBD000, DateStamp 4f56a5e5

I needed to press the off button to continue...

I Restarted the laptop at 3:14pm

Stop aVast to let ComboFix continue...

Here is the ComboFix Report:
=====================

ComboFix 12-05-05.06 - CadDog 05/05/2012 11:15:26.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2657 [GMT -7:00]
Running from: f:\! 01 a problem\5 steps\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\a016mdfl.dll
c:\windows\system32\ARSVC.dll
c:\windows\system32\Atmuni.dll
c:\windows\system32\ghoststartservice.dll
c:\windows\system32\kbdhid.dll
c:\windows\system32\logonsvcid.dll
c:\windows\system32\pivotmou.dll
c:\windows\system32\s616mdfl.dll
c:\windows\system32\tifsfilter.dll
c:\windows\system32\tnidriver.dll
.
c:\windows\system32\drivers\beep.sys . . . is infected!!
.
c:\windows\system32\taskmgr.exe . . . is infected!!
.
c:\windows\system32\msgsvc.dll . . . is infected!!
.
c:\windows\system32\vssvc.exe . . . is infected!!
.
c:\windows\system32\drivers\AGP440.sys . . . is infected!!
.
c:\windows\system32\drivers\asyncmac.sys . . . is infected!!
.
c:\windows\system32\comres.dll . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMDK7
-------\Legacy_MPFIREWL
-------\Legacy_MSSQL$MSSMLBIZ
-------\Legacy_OLCAMSRV
-------\Legacy_OMNIDRV
-------\Legacy_PRISMXL
-------\Legacy_SRESCAN
-------\Legacy_SYMPROXYSVC
-------\Legacy_TCSD_WIN32.EXE
-------\Legacy_Z800MGMT
-------\Service_amdk7
-------\Service_mpfirewl
-------\Service_MSSQL$MSSMLBIZ
-------\Service_olcamsrv
-------\Service_omnidrv
-------\Service_prismxl
-------\Service_srescan
-------\Service_symproxysvc
-------\Service_tcsd_win32.exe
-------\Service_z800mgmt
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 22:15 . 2011-04-15 03:16 4766 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-04 22:56 . 2011-09-06 02:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 20:03 . 2002-09-03 16:27 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-01 17:57 . 2012-04-01 17:57 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 17:57 . 2011-05-16 00:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 22:55 . 2012-02-25 22:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-25 22:55 . 2010-04-29 01:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 22:13 . 2011-02-19 22:13 8768200 ----a-w- c:\program files\Common Files\lpuninstall.exe
2012-03-27 05:46 . 2011-04-17 15:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-01-14 135168]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-01-14 131072]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-01-14 163840]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-2-19 8768200]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-2-19 8768200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-5-24 49152]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ultra Hal Text-to-Speech Reader Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ultra Hal Text-to-Speech Reader Startup.lnk
backup=c:\windows\pss\Ultra Hal Text-to-Speech Reader Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CadDog^Start Menu^Programs^Startup^NeoPlanet.lnk]
path=c:\documents and settings\CadDog\Start Menu\Programs\Startup\NeoPlanet.lnk
backup=c:\windows\pss\NeoPlanet.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^CadDog^Start Menu^Programs^Startup^Seagate 2GE6D6WE Product Registration.lnk]
path=c:\documents and settings\CadDog\Start Menu\Programs\Startup\Seagate 2GE6D6WE Product Registration.lnk
backup=c:\windows\pss\Seagate 2GE6D6WE Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-10-27 09:00 1015808 ----a-w- c:\progra~1\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 22:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-12-18 18:24 197928 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
"wuauserv"=2 (0x2)
"SamSs"=2 (0x2)
"wscsvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FreeAgentGoNext Service"=2 (0x2)
"mnmsrvc"=3 (0x3)
"QuestBrowser Service"=2 (0x2)
"AresChatServer"=3 (0x3)
"McShield"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mfevtp"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McODS"=3 (0x3)
"McProxy"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McNASvc"=2 (0x2)
"mfefire"=2 (0x2)
"McAWFwk"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/4/2012 6:32 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2012 6:32 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2012 6:32 PM 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/26/2010 5:51 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/5/2011 7:10 PM 22344]
S0 27754183;27754183;c:\windows\system32\drivers\61567167.sys --> c:\windows\system32\drivers\61567167.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 10:57 AM 253600]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
deventagent
cusrvc
BrPar
amdk8
btwhid
dphost
qbposdbextservices
avupdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:57]
.
2012-05-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-04-17 02:26]
.
2012-05-05 c:\windows\Tasks\User_Feed_Synchronization-{94AE8699-29C6-4632-8C9D-74C2EAB4B4EE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 18:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.msn.com
IE: Free YouTube to MP3 Converter - c:\documents and settings\CadDog\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\CadDog\Application Data\Mozilla\Firefox\Profiles\4uvg2s5g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-1958367476-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\locator.exe
c:\windows\stsystra.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\system32\dlcccoms.exe
.
**************************************************************************
.
Completion time: 2012-05-05 15:18:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-05 22:18
ComboFix2.txt 2012-05-03 01:23
ComboFix3.txt 2012-05-03 00:11
.
Pre-Run: 46,052,585,472 bytes free
Post-Run: 46,292,201,472 bytes free
.
- - End Of File - - 26A975AA65A986796AE13D1377B9DB4A
 
Combofix reported:
Overlay aborted ... Please run ComboFix once more
but let's see if we can use what we have....

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

Use the following settings:

  • Click the NONE button
  • Under Custom Scans/Fixes paste:
Code:
/md5start
comres.dll
asyncmac.sys
AGP440.sys
vssvc.exe
msgsvc.dll
taskmgr.exe
beep.sys
/md5stop
  • Finally hit Run Scan and wait for the log to open.
  • Please post the content of the log into your next reply.

NOTE.
Be aware that from what I can see we may be facing Windows reinstallation due to rather serious infection of system files.
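
Added example, not part of the original post and not code from ComboFix or OTL: a sketch of how the custom-scan list above can be derived from the "is infected!!" lines of a ComboFix log, so that only the flagged system files are submitted for MD5 checks. The function names and the sample excerpt (constructed in the log's layout) are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt in the layout of the ComboFix log above: plain deletions,
# "." separator lines, and files flagged with ". . . is infected!!".
SAMPLE_LOG = r"""
c:\windows\system32\tnidriver.dll
.
c:\windows\system32\drivers\beep.sys . . . is infected!!
.
c:\windows\system32\taskmgr.exe . . . is infected!!
.
c:\windows\system32\drivers\AGP440.sys . . . is infected!!
.
C:\WINDOWS\system32\drivers\beep.sys . . . is infected!!
.
"""

# A drive-letter path followed by the literal ". . . is infected!!" marker.
# The lazy match keeps paths that contain spaces intact.
INFECTED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+\. \. \.\s+is infected!!$")


def infected_files(log_text):
    """Return flagged paths in log order, de-duplicated case-insensitively."""
    seen, found = set(), []
    for raw in log_text.splitlines():
        match = INFECTED_RE.match(raw.strip())
        if match is None:
            continue  # deletions, separators and section banners are skipped
        path = match.group("path")
        if path.lower() not in seen:
            seen.add(path.lower())
            found.append(path)
    return found


def otl_md5_block(paths):
    """Build the /md5start ... /md5stop text for OTL's Custom Scans/Fixes box."""
    names, seen = [], set()
    for path in paths:
        name = PureWindowsPath(path).name  # the list in the post uses bare file names
        if name.lower() not in seen:
            seen.add(name.lower())
            names.append(name)
    return "\n".join(["/md5start", *names, "/md5stop"])


if __name__ == "__main__":
    print(otl_md5_block(infected_files(SAMPLE_LOG)))
```
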
 
Sorry...
Do you want me to run combofix again or OTL...???

I just want to be sure.

"NOTE.
Be aware that from what I can see we may be facing Windows reinstallation due to rather serious infection of system files."

That may be a problem because I'm not sure where or if I still have my Windows install CD... :(
 
OK


Here is the OTL report:
================
OTL logfile created on: 5/5/2012 3:44:59 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = F:\! 01 A Problem\5 steps
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 83.01% Memory free
4.32 Gb Paging File | 4.00 Gb Available in Paging File | 92.46% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 43.14 Gb Free Space | 57.88% Space Free | Partition Type: NTFS
Drive F: | 7.63 Gb Total Space | 5.06 Gb Free Space | 66.31% Space Free | Partition Type: FAT32

Computer Name: DJSYSTEM02 | User Name: CadDog | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >
 