I think there is a procedure for replacing single files, but I am concerned that it might be hiding elsewhere.
One thing that caused me to run the scan is that our firewall was down and could not be restarted.
The IT folks where my wife works recommended your site. Specifically, they suggested that I use ComboFix. I went to your web site and saw that it is suggested that it be used with the help of a guide. I read how you do things and have been trying to follow the pattern given.
I have tried to follow the Prep Guide.
1) Data is backed up.
2) Oh yeah! It's Malware.
3) Account created.
5) Could not enable a firewall, so I pulled the network line. No wireless capability on this machine.
6) No CD emulation SW
7) DDS run. Log attached.
8) Create GMER log. This is a story of woe.
In Normal Mode: could not run. Lots of processes would start up (CSvchst.exe, wuault.exe) and suck all the processor time.
I tried a couple of times. Thinking that the processor hogs were not supposed to be there (Yes. I am ignorant of whether or not they should be running.) I repeatedly killed these processes and was able to get further with the scan. The horde of processes eventually overran me.
In Safe Mode (this is the only step for which I was in Safe Mode): It ran to completion. While it was running the desktop went away. I was left with only GMER on the screen. After completion, I was not able to save the log that was created. I transcribed what is on the screen. That transcription is in the attached zip file.
I read a few (dozen or so) postings on the site and decided to try a few things to see if I could get GMER to work.
I ran TDSSKiller. It found tcpip.sys to be infected.
I could now turn on the firewall; the computer remains unplugged from the network.
I ran TFC by Old Timer.
I was prompted to reboot and did so.
I tried to rerun GMER. It chugged along for an hour and the system rebooted.
I ran Malwarebytes v1.46 short scan. With the definitions I had (5/20/2010 I think).
It found Adaware.GameVance. I cleaned it.
I plugged into the network long enough to update the definitions (got 7/15/2010 definitions).
The machine is again unplugged.
I ran a full scan.
My son reports that it found and he had it fix PUP.SUNLAB.
I have zipped up the logs I have got and they are attached. This zip includes the DDS.txt. It seemed kind of long to paste into this message. I hope that is OK.
I think that covers it. Please advise what I might do next. I am pretty close to reinstalling the system.
I would appreciate advice on having a home network that is open enough to share printers and files AND safe from the outside world. I think opening up permissions for file sharing and printer sharing is what made us vulnerable.
Many thanks for a place to seek advice.