BleepingComputer.com: Possible DNS - Host File Hijack

Dear Experts,

This notebooks is not able to use Google or Bing searches, not a redirect problem, it simply times out. Scanned with McAfee VirusScan 8.7, Malewarebytes, SuperAntiSpyware, & McAfee Stinger.

Malewarebytes - Files Infected:
C:\I386\NDP20-KB946927-X86.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Dell\DBRM\osmedia\DOTNETFX\NDPSP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

SuperAntiSpyware - Files Infected:
Adware.Tracking Cookie
C:\DOCUMENTS AND SETTINGS\[%user%]\COOKIES\[%user%]@MICROSOFTWINDOWS.112.2O7[1].TXT

Trojan.Agent/Gen-Cryptor[Egun]
C:\WINDOWS\INSTALLER\MSI157.TMP

Host file hack:
#::1 localhost
74.55.76.230 www.google-analytics.com.
74.55.76.230 ad-emea.doubleclick.net.
74.55.76.230 www.statcounter.com.

After cleaning the system I noticed the host file was hacked, there were a few additional bogus entires way at the bottom of the file, plus the file attributes had changed. The host file has been recreated and is OK now. But we still have problems with Google and Bing searches in both IE and Firefox, so I don't thinkg it's a browser issue.

I'm also not able do to a nslookup on www.google.com or www.bing.com, it times out. Other website are fine, and from my notebook I'm able to nslookup to google and bing.

One possible fix to this problem is installing SP3 for WinXP Pro. SP3 is already installed, tried reinstalling but it would not work. Would always get an error about a file being open, even with Process Explorer I couldn't kill the open handle. Sorry, don't remember the file name.

System Restore also doesn't work. I've tried 4 times going back to various dates. It let's me select the date, but after the reboot is says no changes have been made and says to try a different date.

######################## DDS Log ###############################

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by %username$ at 12:16:35 on 2011-09-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2801 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\LANDesk\LDClient\amtmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\notes\ntmulti.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\LANDesk\LDClient\collector.exe
C:\Program Files\LANDesk\LDClient\LDregwatch.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.live.com
uWindow Title = Microsoft Internet Explorer provided by Eisenmann Corporation
uStart Page = hxxp://encl
uDefault_Page_URL = hxxp://encl
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [McAfeeFireTray] c:\program files\network associates\mcafee desktop firewall for windows xp\Firetray.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\symantec\backup exec\dlo\DLOClientu.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {00000001-0001-0002-ABCD-ABCDEF000000} - c:\program files\pisa\client\psa\bin\salesclipix\SalesClipIX.exe
IE: {00000002-0002-000A-BCDE-FFFFFF0000AB} - c:\program files\pisa\client\psa\bin\html2sales\HTML2Sales.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254951538238
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vistageevents.webex.com/client/T27L10NSP11EP5/event/ieatgpc.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 172.28.1.66 172.28.1.51
TCP: Interfaces\{B8E41AAC-50E1-4FCA-9DEE-FB051F942959} : DhcpNameServer = 172.28.1.66 172.28.1.51
TCP: Interfaces\{CED7C7B2-2873-482F-939F-614C96EFFF15} : DhcpNameServer = 68.94.156.1 68.94.157.1 4.2.2.1
TCP: Interfaces\{E8382A20-0135-47D3-9733-2234E951F2AE} : DhcpNameServer = 172.28.1.66 172.28.1.51
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\%username$\application data\mozilla\firefox\profiles\gcczvljf.default\
FF - prefs.js: browser.startup.homepage - hxxp://encl/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-7 344712]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2009-11-4 147456]
R2 CISMBIOS;CISMBIOS;c:\windows\system32\drivers\cismbios.sys [2011-5-23 14848]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2009-7-2 4232552]
R2 DLOChangeJournalSvc;Symantec Backup Exec Desktop Agent Change Journal Reader;c:\program files\symantec\backup exec\dlo\DLOChangeLogSvcu.exe [2009-5-22 472440]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2011-5-23 195072]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\landesk\ldclient\tmcsvc.exe [2011-5-23 182272]
R2 LANDesk® Out-of-Band Monitor Service;LANDesk® Out-of-Band Monitor Service;c:\program files\landesk\ldclient\amtmon.exe [2011-5-23 1058816]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-8-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-5-18 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-8-25 147984]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-1 69192]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\softmon.exe [2011-5-23 385024]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-9-16 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-9-16 32808]
R3 DisplayLinkFilter;DisplayLinkFilter;c:\windows\system32\drivers\DisplayLinkFilter.sys [2009-7-2 7040]
R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [2009-7-2 27008]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2009-7-2 23680]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-9-16 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-16 109568]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2011-5-23 14336]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2011-5-23 5120]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-7 91896]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-7 43192]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2011-5-23 6144]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-9-16 232744]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [2010-1-30 28656]
S3 dlcdbus;DisplayLink Composite USB Bus Driver driver (WDM);c:\windows\system32\drivers\dlcdbus.sys [2010-1-30 90240]
S3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;c:\windows\system32\drivers\lan9500-x86-n51f.sys [2010-1-30 57344]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-1 66536]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
.
=============== Created Last 30 ================
.
2011-09-30 17:02:36 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-09-27 21:23:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-27 20:29:51 -------- d-----w- C:\mwood
2011-09-27 16:44:51 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-27 16:34:23 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2011-09-27 16:16:51 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-27 16:12:55 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-09-27 16:08:57 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2011-09-27 16:08:28 -------- d-----w- c:\windows\ServicePackFiles
2011-09-27 16:05:48 229888 -c----w- c:\windows\system32\dllcache\fxscover.exe
2011-09-27 15:52:41 -------- d-----w- C:\841bff5c32a8d892eb51a6a7f2
2011-09-27 15:49:12 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2011-09-27 15:49:09 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
2011-09-27 15:37:39 -------- d-----w- C:\2a7aeaf3bd2be375cb87c3
2011-09-27 15:31:11 192512 ----a-w- c:\windows\system32\RemoteExecSvc.exe
2011-09-27 14:55:36 -------- d-----w- c:\documents and settings\%username$\application data\SUPERAntiSpyware.com
2011-09-27 14:55:18 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-09-27 14:55:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-27 14:55:14 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-09-27 14:37:55 -------- d-----w- c:\documents and settings\%username$\local settings\application data\Symantec
2011-09-27 14:23:54 -------- d-----w- c:\program files\CCleaner
2011-09-27 14:19:11 -------- d-----w- c:\windows\pss
2011-09-27 14:09:10 -------- d-----w- C:\Quarantine
2011-09-27 14:03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-27 14:03:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-27 14:03:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-27 14:03:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-09-27 15:36:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 07:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 12:16:58.12 ===============

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  • DDS.txt
    
  • Attach.txt
  
  
• Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.

• Click the Scan button and let the program do its work. GMER will produce a log.
  
  
• Once the scan is complete, you may receive another notice about rootkit activity.
  
• Click OK.
  
  
• GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.

Hello km2357,

Here's the files you requested. FYI, I had to modify some of the folder names in the [file] section of the gmer log, proprietary info.

Regards,

Mike



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by Matrix01 at 12:16:35 on 2011-09-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2801 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\LANDesk\LDClient\amtmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\notes\ntmulti.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\LANDesk\LDClient\collector.exe
C:\Program Files\LANDesk\LDClient\LDregwatch.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.live.com
uWindow Title = Microsoft Internet Explorer provided by Eisenmann Corporation
uStart Page = hxxp://encl
uDefault_Page_URL = hxxp://encl
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [McAfeeFireTray] c:\program files\network associates\mcafee desktop firewall for windows xp\Firetray.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\symantec\backup exec\dlo\DLOClientu.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {00000001-0001-0002-ABCD-ABCDEF000000} - c:\program files\pisa\client\psa\bin\salesclipix\SalesClipIX.exe
IE: {00000002-0002-000A-BCDE-FFFFFF0000AB} - c:\program files\pisa\client\psa\bin\html2sales\HTML2Sales.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254951538238
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vistageevents.webex.com/client/T27L10NSP11EP5/event/ieatgpc.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 172.28.1.66 172.28.1.51
TCP: Interfaces\{B8E41AAC-50E1-4FCA-9DEE-FB051F942959} : DhcpNameServer = 172.28.1.66 172.28.1.51
TCP: Interfaces\{CED7C7B2-2873-482F-939F-614C96EFFF15} : DhcpNameServer = 68.94.156.1 68.94.157.1 4.2.2.1
TCP: Interfaces\{E8382A20-0135-47D3-9733-2234E951F2AE} : DhcpNameServer = 172.28.1.66 172.28.1.51
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\matrix01\application data\mozilla\firefox\profiles\gcczvljf.default\
FF - prefs.js: browser.startup.homepage - hxxp://encl/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-7 344712]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2009-11-4 147456]
R2 CISMBIOS;CISMBIOS;c:\windows\system32\drivers\cismbios.sys [2011-5-23 14848]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2009-7-2 4232552]
R2 DLOChangeJournalSvc;Symantec Backup Exec Desktop Agent Change Journal Reader;c:\program files\symantec\backup exec\dlo\DLOChangeLogSvcu.exe [2009-5-22 472440]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2011-5-23 195072]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\landesk\ldclient\tmcsvc.exe [2011-5-23 182272]
R2 LANDesk® Out-of-Band Monitor Service;LANDesk® Out-of-Band Monitor Service;c:\program files\landesk\ldclient\amtmon.exe [2011-5-23 1058816]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-8-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-5-18 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-8-25 147984]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-1 69192]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\softmon.exe [2011-5-23 385024]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-9-16 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-9-16 32808]
R3 DisplayLinkFilter;DisplayLinkFilter;c:\windows\system32\drivers\DisplayLinkFilter.sys [2009-7-2 7040]
R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [2009-7-2 27008]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2009-7-2 23680]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-9-16 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-16 109568]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2011-5-23 14336]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2011-5-23 5120]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-7 91896]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-7 43192]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2011-5-23 6144]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-9-16 232744]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [2010-1-30 28656]
S3 dlcdbus;DisplayLink Composite USB Bus Driver driver (WDM);c:\windows\system32\drivers\dlcdbus.sys [2010-1-30 90240]
S3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;c:\windows\system32\drivers\lan9500-x86-n51f.sys [2010-1-30 57344]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-1 66536]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
.
=============== Created Last 30 ================
.
2011-09-30 17:02:36 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-09-27 21:23:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-27 20:29:51 -------- d-----w- C:\mwood
2011-09-27 16:44:51 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-27 16:34:23 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2011-09-27 16:16:51 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-27 16:12:55 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-09-27 16:08:57 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2011-09-27 16:08:28 -------- d-----w- c:\windows\ServicePackFiles
2011-09-27 16:05:48 229888 -c----w- c:\windows\system32\dllcache\fxscover.exe
2011-09-27 15:52:41 -------- d-----w- C:\841bff5c32a8d892eb51a6a7f2
2011-09-27 15:49:12 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
2011-09-27 15:49:09 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
2011-09-27 15:37:39 -------- d-----w- C:\2a7aeaf3bd2be375cb87c3
2011-09-27 15:31:11 192512 ----a-w- c:\windows\system32\RemoteExecSvc.exe
2011-09-27 14:55:36 -------- d-----w- c:\documents and settings\matrix01\application data\SUPERAntiSpyware.com
2011-09-27 14:55:18 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2011-09-27 14:55:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-27 14:55:14 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-09-27 14:37:55 -------- d-----w- c:\documents and settings\matrix01\local settings\application data\Symantec
2011-09-27 14:23:54 -------- d-----w- c:\program files\CCleaner
2011-09-27 14:19:11 -------- d-----w- c:\windows\pss
2011-09-27 14:09:10 -------- d-----w- C:\Quarantine
2011-09-27 14:03:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-27 14:03:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-27 14:03:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-27 14:03:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-09-27 15:36:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 07:40:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 12:16:58.12 ===============

This post has been edited by km2357: 05 October 2011 - 11:49 PM

Forgot to add 'attach.txt' file


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/6/2009 9:32:41 AM
System Uptime: 9/30/2011 12:03:54 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel® Core™2 Duo CPU P9600 @ 2.53GHz | Microprocessor | 2527/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 31.794 GiB free.
D: is CDROM ()
I: is NetworkDisk (NTFS) - 737 GiB total, 319.611 GiB free.
J: is NetworkDisk (NTFS) - 737 GiB total, 319.611 GiB free.
W: is NetworkDisk (NTFS) - 737 GiB total, 319.611 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0001
Service: vpnva
.
==== System Restore Points ===================
.
RP322: 7/6/2011 8:52:24 AM - System Checkpoint
RP323: 7/7/2011 2:14:20 PM - System Checkpoint
RP324: 7/12/2011 9:14:52 AM - System Checkpoint
RP325: 7/13/2011 3:12:13 PM - System Checkpoint
RP326: 7/15/2011 9:11:18 AM - System Checkpoint
RP327: 7/19/2011 9:12:18 AM - System Checkpoint
RP328: 7/21/2011 9:42:38 AM - System Checkpoint
RP329: 8/1/2011 9:14:22 AM - System Checkpoint
RP330: 8/2/2011 4:45:51 PM - System Checkpoint
RP331: 8/4/2011 12:18:09 PM - System Checkpoint
RP332: 8/10/2011 9:12:45 AM - System Checkpoint
RP333: 8/12/2011 9:11:03 AM - System Checkpoint
RP334: 8/15/2011 9:44:19 AM - System Checkpoint
RP335: 8/16/2011 9:46:43 AM - System Checkpoint
RP336: 8/17/2011 10:46:15 AM - System Checkpoint
RP337: 8/19/2011 9:08:56 AM - System Checkpoint
RP338: 8/22/2011 8:33:52 AM - System Checkpoint
RP339: 8/23/2011 12:13:39 PM - System Checkpoint
RP340: 8/24/2011 2:41:17 PM - System Checkpoint
RP341: 8/26/2011 9:27:28 AM - System Checkpoint
RP342: 9/6/2011 10:02:28 AM - System Checkpoint
RP343: 9/7/2011 2:12:25 PM - System Checkpoint
RP344: 9/8/2011 3:14:52 PM - System Checkpoint
RP345: 9/12/2011 9:41:36 AM - System Checkpoint
RP346: 9/13/2011 11:15:50 AM - System Checkpoint
RP347: 9/15/2011 12:08:50 PM - System Checkpoint
RP348: 9/19/2011 9:34:09 AM - System Checkpoint
RP349: 9/20/2011 11:15:33 AM - System Checkpoint
RP350: 9/26/2011 9:11:52 AM - System Checkpoint
RP351: 9/27/2011 10:33:14 AM - Installed Windows XP KB2508272.
RP352: 9/27/2011 10:35:01 AM - Installed Windows XP KB2544893.
RP353: 9/27/2011 10:37:20 AM - Installed Windows XP KB2507938.
RP354: 9/27/2011 10:52:01 AM - Installed Windows XP KB2479943.
RP355: 9/27/2011 11:05:05 AM - Installed Windows XP KB2412687.
RP356: 9/27/2011 11:08:20 AM - Installed Windows XP KB2491683.
RP357: 9/27/2011 11:11:40 AM - Installed Windows XP KB2509553.
RP358: 9/27/2011 11:15:56 AM - Installed Windows XP KB2535512.
RP359: 9/27/2011 11:19:39 AM - Installed Windows XP KB2570222.
RP360: 9/27/2011 11:24:12 AM - Installed Windows XP KB2570947.
RP361: 9/27/2011 11:28:28 AM - Installed Windows XP KB2567680.
RP362: 9/27/2011 11:33:27 AM - Installed Windows XP KB2555917.
RP363: 9/27/2011 11:37:32 AM - Installed Windows XP KB2476490.
RP364: 9/27/2011 11:41:02 AM - Installed Windows XP KB938464-v2.
RP365: 9/27/2011 11:44:18 AM - Installed Windows XP KB2485663.
RP366: 9/27/2011 11:46:29 AM - Installed Windows XP KB2566454.
RP367: 9/27/2011 11:48:50 AM - Installed Windows XP KB2536276-v2.
RP368: 9/27/2011 11:50:45 AM - Installed Windows XP KB2507618.
RP369: 9/27/2011 11:53:14 AM - Installed Windows XP KB2506212.
RP370: 9/27/2011 11:55:39 AM - Installed Windows XP KB2524375.
RP371: 9/27/2011 11:59:43 AM - Installed Windows XP KB2559049.
RP372: 9/27/2011 12:05:32 PM - Installed Windows XP KB2544521.
RP373: 9/27/2011 12:07:52 PM - Installed Windows XP KB2503665.
RP374: 9/27/2011 4:22:27 PM - Installed Java™ 6 Update 26
RP375: 9/27/2011 4:25:16 PM - Installed Java™ 6 Update 27
RP376: 9/29/2011 10:00:13 AM - System Checkpoint
RP377: 9/30/2011 11:24:08 AM - Restore Operation
RP378: 9/30/2011 11:31:03 AM - Restore Operation
RP379: 9/30/2011 11:40:30 AM - Restore Operation
RP380: 9/30/2011 12:05:32 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Acrobat 9 Standard
Adobe Acrobat 9.4.6 - CPSID_83708
Adobe Flash Player 10 ActiveX
All Day Battery Life Configuration
AutoVue, Desktop Version
BioAPI Framework
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Broadcom USH Host Components
CCleaner
Choice Guard
Cisco AnyConnect VPN Client
Cisco Systems VPN Client 5.0.04.0300
Citrix XenApp Plugin for Hosted Apps
Compatibility Pack for the 2007 Office system
Dell Security Device Driver Pack
Dell Touchpad
DisplayLink Core Software
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945436)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections 13.0.42.0
Intel® PRO Alerting Agent
Intel® Matrix Storage Manager
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 27
Juniper Networks Setup Client Activex Control
Kensington Display Adapter
LANDesk Advance Agent
LANDesk® Common Base Agent 8
LiveUpdate 3.3 (Symantec Corporation)
Lotus Notes 6.5.5
Malwarebytes' Anti-Malware
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft Office Project Standard 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 7.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
Oracle AutoVue 19.3.4
PiSA sales Client
PowerDVD DX
PrintKey2000
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SRS Premium Sound
SUPERAntiSpyware
Symantec Backup Exec Desktop Agent
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VNC 4.0
WebEx
WebFldrs XP
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
9/27/2011 9:35:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips FireHook intelppm mfehidk
9/27/2011 3:50:00 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
9/27/2011 3:37:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips FireHook FireTDI intelppm IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
9/27/2011 3:37:19 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/27/2011 3:37:19 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/27/2011 3:37:19 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/27/2011 3:37:19 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/27/2011 3:37:19 PM, error: Service Control Manager [7001] - The Cisco AnyConnect VPN Agent service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/27/2011 3:36:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/27/2011 3:34:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/27/2011 3:34:40 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
9/27/2011 3:29:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips FireHook intelppm mfehidk SASDIFSV SASKUTIL
9/27/2011 3:29:52 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
9/27/2011 3:29:52 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
9/27/2011 3:29:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/27/2011 3:22:47 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
9/27/2011 3:17:21 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
9/27/2011 10:01:34 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
9/27/2011 1:49:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Pcmcia
.
==== End Of File ===========================

This post has been edited by km2357: 05 October 2011 - 11:50 PM

Hi Mike.

I went ahead and edited in your DDS and Attach Logs (the GMER log was too big to post normally). In the future, please post any logs I ask for normally, do not attach them. Unless requested to do so.

Thanks.

A question before we continue:

uWindow Title = Microsoft Internet Explorer provided by Eisenmann Corporation

Is this computer used at your work or at home?

Yes, this is a work computer.

Ok, thanks for letting me know.

Since this is a work computer, it would be best to contact your company's IT department and let them handle it. We don't want to end up deleting something important to your place of employment during the fix process.

I am the I.T. guy. Can't figure this notebook out. That's why I'm hoping you see something in the logs that I missed.

Ok, we'll go ahead and continue and see what we can do.

Be sure to backup the data on the computer in case something happens and you need to access it again in the future.



Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.

mwood? Do you still need help?

Yes, But I'm in training this week. I will not be able to post any additional logs until next week.

Regards,

Mike

Ok, thanks for letting me know.

I'll keep this thread open while you're in training.

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.