BleepingComputer.com: XP Repair Malware?

I am having a similar problem. I'm on an XP machine that started the Windows XP Repair scan this AM. Should I ask questions here or start a new thread. Thanks for any help. Your sight is very helpful.

This post has been edited by hamluis: 04 July 2011 - 07:14 PM
Reason for edit: Sent PM to new OP.

Thanks for moving this Hamluis...gives me the answer I needed.

My problem is I was hit with "Windows XP Repair" this AM. I am on a Dell Latitude D610 running XP Prof. I have run Rkill followed by Malwarebytes about 5 times today. I have also done Disc Cleanup, Defrag, and Error checking.

I can get the computer to run, but I have no programs when I click start and no favorites under internet explorer. It is no longer scanning using the Windows XP Repair, but what else do I need to do?

This post has been edited by photomd: 04 July 2011 - 08:00 PM

Let's see, if we can recover your missing features.
Download and run UnHide
Let me know, if it worked and we'll go from there.

Yep...that did it.

Thanks again...probably the 3rd or 4th time this sight has helped me.

I'm glad, it worked, but we need to run some more checks to make sure your computer is really clean.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:

• Report IE Proxy Settings
  
• List content of Hosts
  
• List IP configuration
  
• List last 10 Event Viewer log
  
• List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror
  This version will download a randomly named file (Recommended)
  
• Zipped Mirror
  This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

• Disconnect from the Internet and close all running programs.
  
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  
  
  
  
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  
• Now click the Scan button. If you see a rootkit warning window, click OK.
  
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  
• Click the Copy button and paste the results into your next reply.
  
• Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

Thanks for your help. I am having redirect issues when I use a search engine (google). I have tried TDDSkiller, but I can't get it to run. So I'm running the above mentioned checks.

Here's the Security Check update:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 11
Java™ 6 Update 5
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_13
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

Minitoolbox results:


MiniToolBox by Farbar
Ran by dl0242 (administrator) on 05-07-2011 at 09:30:20
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : pa10009

Primary Dns Suffix . . . . . . . : mrmc.mcleodhealth.org

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : mrmc.mcleodhealth.org

mcleodhealth.org



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Cisco Aironet 802.11a/b/g Wireless Adapter

Physical Address. . . . . . . . . : 00-40-96-AB-C8-86

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.11

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Tuesday, July 05, 2011 8:57:39 AM

Lease Expires . . . . . . . . . . : Wednesday, July 06, 2011 8:57:39 AM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-14-22-BF-4C-4A

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.115.147, 74.125.115.99, 74.125.115.103, 74.125.115.104
74.125.115.105, 74.125.115.106



Pinging google.com [74.125.115.106] with 32 bytes of data:



Reply from 74.125.115.106: bytes=32 time=53ms TTL=48

Reply from 74.125.115.106: bytes=32 time=51ms TTL=48



Ping statistics for 74.125.115.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 51ms, Maximum = 53ms, Average = 52ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65



Pinging yahoo.com [69.147.125.65] with 32 bytes of data:



Reply from 69.147.125.65: bytes=32 time=48ms TTL=50

Reply from 69.147.125.65: bytes=32 time=45ms TTL=50



Ping statistics for 69.147.125.65:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 48ms, Average = 46ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 96 ab c8 86 ...... Cisco Aironet 802.11a/b/g Wireless Adapter - Packet Scheduler Miniport
0x3 ...00 14 22 bf 4c 4a ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 25
63.235.36.41 255.255.255.255 192.168.1.1 192.168.1.11 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.11 192.168.1.11 20
192.168.1.0 255.255.255.0 192.168.1.11 192.168.1.11 25
192.168.1.11 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.11 192.168.1.11 25
208.43.87.2 255.255.255.255 192.168.1.1 192.168.1.11 25
224.0.0.0 240.0.0.0 192.168.1.11 192.168.1.11 25
255.255.255.255 255.255.255.255 192.168.1.11 3 1
255.255.255.255 255.255.255.255 192.168.1.11 192.168.1.11 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/05/2011 08:57:38 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (07/05/2011 08:57:37 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (07/05/2011 08:22:13 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (07/05/2011 08:01:23 AM) (Source: System.ServiceModel.Install 3.0.0.0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize ---> System.Configuration.ConfigurationErrorsException: Unrecognized configuration section system.serviceModel. (c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config line 146)
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
--- End of inner exception stack trace ---
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
at System.Configuration.ClientConfigurationSystem.PrepareClientConfigSystem(String sectionName)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at System.Configuration.PrivilegedConfigurationManager.GetSection(String sectionName)
at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
at System.Diagnostics.DiagnosticsConfiguration.Initialize()
at System.Diagnostics.DiagnosticsConfiguration.get_SwitchSettings()
at System.Diagnostics.Switch.InitializeConfigSettings()
at System.Diagnostics.Switch.InitializeWithStatus()
at System.Diagnostics.Switch.get_SwitchSetting()
at System.Diagnostics.BooleanSwitch.get_Enabled()
at System.Xml.Serialization.TempAssembly.LoadGeneratedAssembly(Type type, String defaultNamespace, XmlSerializerImplementation& contract)
at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace)
at System.Xml.Serialization.XmlSerializer..ctor(Type type)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent..ctor(ConfigurationLoader configLoader)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent.CreateNativeConfigurationHandlersInstallComponent()
at Microsoft.Tools.ServiceModel.ServiceModelReg.BuildActionQueue()
at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args)
at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args)

Error: (07/05/2011 07:48:04 AM) (Source: System.ServiceModel.Install 3.0.0.0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize ---> System.Configuration.ConfigurationErrorsException: Unrecognized configuration section system.serviceModel. (c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config line 146)
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
--- End of inner exception stack trace ---
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
at System.Configuration.ClientConfigurationSystem.PrepareClientConfigSystem(String sectionName)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at System.Configuration.PrivilegedConfigurationManager.GetSection(String sectionName)
at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
at System.Diagnostics.DiagnosticsConfiguration.Initialize()
at System.Diagnostics.DiagnosticsConfiguration.get_SwitchSettings()
at System.Diagnostics.Switch.InitializeConfigSettings()
at System.Diagnostics.Switch.InitializeWithStatus()
at System.Diagnostics.Switch.get_SwitchSetting()
at System.Diagnostics.BooleanSwitch.get_Enabled()
at System.Xml.Serialization.TempAssembly.LoadGeneratedAssembly(Type type, String defaultNamespace, XmlSerializerImplementation& contract)
at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace)
at System.Xml.Serialization.XmlSerializer..ctor(Type type)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent..ctor(ConfigurationLoader configLoader)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent.CreateNativeConfigurationHandlersInstallComponent()
at Microsoft.Tools.ServiceModel.ServiceModelReg.BuildActionQueue()
at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args)
at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args)

Error: (07/05/2011 00:22:16 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (07/05/2011 00:22:15 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (07/04/2011 10:48:04 PM) (Source: WinINSTALL) (User: OnDemand)OnDemand
Description: Unable to save a checkpoint of the XML job queue to C:\Program Files\Scalable\WinINSTALL\Bin\..\CfgFiles\JobCheckpoint.xml: Could not open file: C:\Program Files\Scalable\WinINSTALL\Bin\..\CfgFiles\JobCheckpoint.xml.

Error: (07/04/2011 10:43:38 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (07/04/2011 10:43:37 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.


System errors:
=============
Error: (07/05/2011 09:13:00 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (07/05/2011 09:00:03 AM) (Source: Service Control Manager) (User: )
Description: The Scalable WinINSTALL Master Agent service hung on starting.

Error: (07/05/2011 08:59:35 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service hung on starting.

Error: (07/05/2011 08:58:36 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the ACEmessage Network Client service to connect.

Error: (07/05/2011 08:57:59 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (07/05/2011 08:57:59 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (07/05/2011 08:57:37 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain MRMC_ENT due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (07/05/2011 08:27:39 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB2393802).

Error: (07/05/2011 08:27:32 AM) (Source: NtServicePack) (User: dl0242)
Description: Windows XP KB2393802 installation failed.
An internal error occurred.

Error: (07/05/2011 08:22:18 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain MRMC_ENT due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.


Microsoft Office Sessions:
=========================
Error: (07/05/2011 08:57:38 AM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (07/05/2011 08:57:37 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: The specified domain either does not exist or could not be contacted.

Error: (07/05/2011 08:22:13 AM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (07/05/2011 08:01:23 AM) (Source: System.ServiceModel.Install 3.0.0.0)(User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize ---> System.Configuration.ConfigurationErrorsException: Unrecognized configuration section system.serviceModel. (c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config line 146)
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
--- End of inner exception stack trace ---
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
at System.Configuration.ClientConfigurationSystem.PrepareClientConfigSystem(String sectionName)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at System.Configuration.PrivilegedConfigurationManager.GetSection(String sectionName)
at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
at System.Diagnostics.DiagnosticsConfiguration.Initialize()
at System.Diagnostics.DiagnosticsConfiguration.get_SwitchSettings()
at System.Diagnostics.Switch.InitializeConfigSettings()
at System.Diagnostics.Switch.InitializeWithStatus()
at System.Diagnostics.Switch.get_SwitchSetting()
at System.Diagnostics.BooleanSwitch.get_Enabled()
at System.Xml.Serialization.TempAssembly.LoadGeneratedAssembly(Type type, String defaultNamespace, XmlSerializerImplementation& contract)
at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace)
at System.Xml.Serialization.XmlSerializer..ctor(Type type)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent..ctor(ConfigurationLoader configLoader)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent.CreateNativeConfigurationHandlersInstallComponent()
at Microsoft.Tools.ServiceModel.ServiceModelReg.BuildActionQueue()
at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args)
at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args)

Error: (07/05/2011 07:48:04 AM) (Source: System.ServiceModel.Install 3.0.0.0)(User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize ---> System.Configuration.ConfigurationErrorsException: Unrecognized configuration section system.serviceModel. (c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config line 146)
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
--- End of inner exception stack trace ---
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
at System.Configuration.ClientConfigurationSystem.PrepareClientConfigSystem(String sectionName)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at System.Configuration.PrivilegedConfigurationManager.GetSection(String sectionName)
at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
at System.Diagnostics.DiagnosticsConfiguration.Initialize()
at System.Diagnostics.DiagnosticsConfiguration.get_SwitchSettings()
at System.Diagnostics.Switch.InitializeConfigSettings()
at System.Diagnostics.Switch.InitializeWithStatus()
at System.Diagnostics.Switch.get_SwitchSetting()
at System.Diagnostics.BooleanSwitch.get_Enabled()
at System.Xml.Serialization.TempAssembly.LoadGeneratedAssembly(Type type, String defaultNamespace, XmlSerializerImplementation& contract)
at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace)
at System.Xml.Serialization.XmlSerializer..ctor(Type type)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent..ctor(ConfigurationLoader configLoader)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent.CreateNativeConfigurationHandlersInstallComponent()
at Microsoft.Tools.ServiceModel.ServiceModelReg.BuildActionQueue()
at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args)
at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args)

Error: (07/05/2011 00:22:16 AM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (07/05/2011 00:22:15 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: The specified domain either does not exist or could not be contacted.

Error: (07/04/2011 10:48:04 PM) (Source: WinINSTALL)(User: OnDemand)OnDemand
Description: C:\Program Files\Scalable\WinINSTALL\Bin\..\CfgFiles\JobCheckpoint.xmlCould not open file: C:\Program Files\Scalable\WinINSTALL\Bin\..\CfgFiles\JobCheckpoint.xml

Error: (07/04/2011 10:43:38 PM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (07/04/2011 10:43:37 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: The specified domain either does not exist or could not be contacted.


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 70%
Total physical RAM: 1015.36 MB
Available physical RAM: 301.83 MB
Total Pagefile: 2442.79 MB
Available Pagefile: 1816.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.3 MB

======================= Partitions: =======================================

1 Drive c: () (Fixed) (Total:37.15 GB) (Free:15.3 GB) NTFS

================= Users: ==================================================

User accounts for \\PA10009

-------------------------------------------------------------------------------
Administrator ASPNET dl0242
Guest HelpAssistant SUPPORT_388945a0
The command completed successfully.

================= End of Users ============================================

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7027

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/5/2011 10:13:57 AM
mbam-log-2011-07-05 (10-13-57).txt

Scan type: Quick scan
Objects scanned: 183646
Time elapsed: 31 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_____________________________________________________________
_____________________________________________________________

In my Quarantine Log on Malwarebytes I have a list of programs that's been quarantined. Can I delete those?

Thanks again.

I'm on a different computer now. The one with the problem has been running GMER scan for 30+ minutes. SHould I stop it? My AVG virus program will only turn off for 15 minutes. Is this a problem?

GMER log:


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-05 12:56:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9408114A rev.8.03
Running: y76ol3q7.exe; Driver: C:\DOCUME~1\dl0242\LOCALS~1\Temp\fxldapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA3380738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA33807DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA3380878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA3380914]

---- Kernel code sections - GMER 1.0.15 ----

.text KDCOM.DLL!KdSendPacket F7A47345 6 Bytes [FA, 8D, 46, 01, 25, FF]
.text KDCOM.DLL!KdSendPacket F7A4734D 5 Bytes [80, 79, 07, 48, 0D]
.text KDCOM.DLL!KdSendPacket F7A47353 29 Bytes [FF, FF, FF, 40, 0F, B6, F0, ...]
.text KDCOM.DLL!KdSendPacket F7A47371 28 Bytes [FF, FF, FF, 42, 0F, B6, FA, ...]
.text KDCOM.DLL!KdD0Transition + 8 F7A4738E 17 Bytes [08, 03, 55, F8, 03, D8, 81, ...]
.text KDCOM.DLL!KdD0Transition + 1A F7A473A0 42 Bytes [FF, FF, FF, 43, 0F, B6, C3, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 25 F7A473CB 6 Bytes [00, C9, C2, 08, 00, 55] {ADD CL, CL; RET 0x8; PUSH EBP}
.text KDCOM.DLL!KdDebuggerInitialize0 + 2C F7A473D2 23 Bytes [EC, 83, C8, FF, 83, 7D, 08, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 44 F7A473EA 162 Bytes [42, 5E, F6, C1, 01, 74, 0A, ...]
.text KDCOM.DLL!KdRestore + 2D F7A4748D 1 Byte [43]
.text KDCOM.DLL!KdRestore + 2D F7A4748D 77 Bytes [43, 08, 89, 45, FC, 8B, 55, ...]
.text KDCOM.DLL!KdRestore + 7C F7A474DC 25 Bytes [C9, C2, 08, 00, 55, 8B, EC, ...]
.text KDCOM.DLL!KdRestore + 97 F7A474F7 21 Bytes [89, 06, 89, 46, 08, 89, 46, ...]
.text KDCOM.DLL!KdRestore + 19F F7A475FF 118 Bytes [68, 3B, 76, A4, F7, FF, 15, ...]
.text ...
PAGEKD KDCOM.DLL!KdReceivePacket + 2 F7A47F4E 205 Bytes [F0, 8D, 45, FC, 50, 53, 56, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + D0 F7A4801C 2 Bytes [75, 0E] {JNZ 0x10}
PAGEKD KDCOM.DLL!KdReceivePacket + D3 F7A4801F 1 Byte [C0]
PAGEKD KDCOM.DLL!KdReceivePacket + D3 F7A4801F 103 Bytes [C0, 02, 83, C2, 02, 84, DB, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + 13B F7A48087 131 Bytes [7D, 0C, B8, 4D, 5A, 00, 00, ...]
PAGEKD ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[908] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[908] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[908] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[908] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[908] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[908] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[908] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[908] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[908] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[908] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0129000A
.text C:\Program Files\Internet Explorer\iexplore.exe[908] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0121000A
.text C:\Program Files\Internet Explorer\iexplore.exe[908] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 011F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[908] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0127000A
.text C:\Program Files\Internet Explorer\iexplore.exe[908] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0128000A
.text C:\Program Files\Internet Explorer\iexplore.exe[908] WS2_32.dll!recv 71AB676F 5 Bytes JMP 011E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[908] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B168C7
.text C:\Program Files\Internet Explorer\iexplore.exe[908] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B16AD2
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00F2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00B5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00F1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B168C7
.text C:\Program Files\Internet Explorer\iexplore.exe[3584] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B16AD2

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdD0Transition] [F7A475DF] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdD3Transition] [F7A475E9] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdRestore] [F7A47619] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdReceivePacket] [F7A4760D] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdDebuggerInitialize0] [F7A475F3] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdSave] [F7A47625] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdDebuggerInitialize1] [F7A475FF] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdSendPacket] [F7A47631] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\hal.dll[KDCOM.dll!KdRestore] [F7A47619] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!READ_PORT_UCHAR] 736F746E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!WRITE_PORT_UCHAR] 6C6E726B
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalQueryRealTimeClock] 6578652E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalInitSystem] 00000000
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!KdComPortInUse] 2E6C6168

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[3584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat A1158D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Threads - GMER 1.0.15 ----

Thread System [4:108] 86F4C0B3
Thread System [4:120] 86F4D7FB

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\dl0242\Local Settings\Temporary Internet Files\Content.IE5\5VJ00ZIQ\info_48[1] 6993 bytes
File C:\Documents and Settings\dl0242\Local Settings\Temporary Internet Files\Content.IE5\5VJ00ZIQ\navcancl[1] 2713 bytes

---- EOF - GMER 1.0.15 ----

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

....mmmmm....just tried to run it twice: once with double click and once with a right click and "open". Nothing. It won't run. Is there another way to get it to run?

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

Here's a screen shot of FixTDDS.

Very well.

See, if TDSSKiller will run now.
If so, post its log.