
Inactive [InActive] Symptoms of a virus/malware??

Discussion in 'Malware and Virus Removal Archive' started by Dragonfly77, 2009/04/11.

Thread Status:
Not open for further replies.
  1. 2009/04/11
    Dragonfly77

    Dragonfly77 Inactive Thread Starter

    Joined:
    2009/04/11
    Messages:
    2
    Likes Received:
    0
    I have contracted something and here are the symptoms:

    First issue: When I use a search engine (yahoo, msn, google, etc) I get the search result and all seems well. Then when I click on one of the results I am redirected to another site. If I click the back button it will then take me to the site I chose.

    The second issue is that I cannot update my MBAM, Ccleaner, Symantec (Corp Edition), SpyBot or Super Anti-Spyware. I have run all my scans successfully and they come up all clear.

    Third issue is my regedit is gone.

    Fourth issue is that all my previous restore points are gone as well.

    I have had this problem for about a week and I can't seem to find the issue. Please help!!!

    Many thanks!! :)
     
  2. 2009/04/12
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    @Dragonfly77

    Can you read these instructions and try to follow them? If you are unable to download DDS, post back and one of the malware experts will assist in due course.

    @Heartbeat

    It's best to leave malware assistance to the experts on this board; they are quite busy at times, but I'm sure one will help Dragonfly77 in due course.
     


  4. 2009/04/13
    Dragonfly77

    Dragonfly77 Inactive Thread Starter

    Joined:
    2009/04/11
    Messages:
    2
    Likes Received:
    0
    Ok, thank you for the quick response. Here is my DDS log:


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Shannon Del Real at 10:14:58.96 on 2009-04-13
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.447 [GMT -4:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Shannon Del Real\Local Settings\Temporary Internet Files\Content.IE5\WALNRCYH\dds[1].pif

    ============== Pseudo HJT Report ===============

    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\shanno~1\applic~1\mozilla\firefox\profiles\mfab0fsy.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\documents and settings\shannon del real\application data\mozilla\firefox\profiles\mfab0fsy.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPJPI150_08.dll
    FF - plugin: c:\program files\java\jre1.5.0_08\bin\NPOJI610.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
    R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\microsoft sql server\mssql$alamode\binn\sqlservr.exe [2005-5-4 9158656]
    R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090408.003\naveng.sys [2009-4-8 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090408.003\navex15.sys [2009-4-8 876144]
    S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\administrator\desktop\superantispyware\sasdifsv.sys --> c:\documents and settings\administrator\desktop\superantispyware\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\administrator\desktop\superantispyware\saskutil.sys --> c:\documents and settings\administrator\desktop\superantispyware\SASKUTIL.sys [?]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
    S3 pmxscan;Visioneer USB Service;c:\windows\system32\drivers\usbscan.sys [2006-8-27 15104]
    S3 SASENUM;SASENUM;\??\c:\documents and settings\administrator\desktop\superantispyware\sasenum.sys --> c:\documents and settings\administrator\desktop\superantispyware\SASENUM.SYS [?]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
    S4 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\microsoft sql server\mssql$alamode\binn\sqlagent.EXE [2005-5-3 323584]

    =============== Created Last 30 ================

    2009-04-12 00:05 <DIR> a-dshr-- C:\cmdcons
    2009-04-12 00:03 161,792 a------- c:\windows\SWREG.exe
    2009-04-12 00:03 98,816 a------- c:\windows\sed.exe
    2009-04-12 00:03 389,120 a------- c:\windows\system32\CF14941.exe
    2009-04-12 00:03 <DIR> --d----- C:\ComboFix
    2009-04-10 11:50 38,218 a------- c:\windows\alaredun.ini
    2009-04-08 20:06 <DIR> --d----- C:\EmergencyUtils
    2009-04-08 19:48 <DIR> --d----- c:\program files\palmOne
    2009-04-08 16:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2009-04-04 14:50 <DIR> --d----- c:\docume~1\shanno~1\applic~1\SUPERAntiSpyware.com
    2009-04-04 14:50 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-04-03 18:15 <DIR> --d----- c:\program files\Trend Micro
    2009-03-31 20:08 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
    2009-03-31 19:51 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-03-31 19:49 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-03-31 19:49 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-03-31 19:49 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-03-31 19:49 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-03-31 19:49 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-03-31 19:49 <DIR> --d----- C:\7cda0d99848c33892607e06e21
    2009-03-31 19:49 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-03-31 19:49 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
    2009-03-30 14:07 <DIR> --d----- c:\docume~1\shanno~1\applic~1\Elluminate
    2009-03-26 08:52 <DIR> --d----- c:\program files\MSECache
    2009-03-25 17:04 0 a------- c:\windows\0
    2009-03-24 10:04 369,912 a------- c:\windows\system32\mercsettings.dll
    2009-03-17 10:01 81 a------- c:\windows\Mercury.ini
    2009-03-16 19:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\alamode

    ==================== Find3M ====================

    2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-30 20:46 34 a------- c:\documents and settings\shannon del real\jagex_runescape_preferences.dat
    2009-03-24 17:35 996,600 a------- c:\windows\system32\auroraupgrade.dll
    2009-03-11 13:44 496,888 a------- c:\windows\system32\alatrans.dll
    2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
    2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
    2009-03-02 10:36 1,582,328 a------- c:\windows\system32\wtusers.dll
    2009-03-02 09:38 447,736 a------- c:\windows\system32\alamail.dll
    2009-02-24 23:39 1,409 a------- c:\windows\fonts\ALAMODE.fot
    2009-02-24 23:39 1,409 a------- c:\windows\fonts\AFORM120.fot
    2009-02-24 23:39 1,409 a------- c:\windows\fonts\AFORM112.fot
    2009-02-24 23:39 1,409 a------- c:\windows\fonts\AFORM105.fot
    2009-02-24 23:39 1,409 a------- c:\windows\fonts\AFORM100.fot
    2009-02-24 23:39 1,409 a------- c:\windows\fonts\AFORM09B.fot
    2009-02-24 23:39 1,409 a------- c:\windows\fonts\AFORM090.fot
    2009-02-24 23:39 1,409 a------- c:\windows\fonts\AFORM080.fot
    2009-02-24 23:39 1,409 a------- c:\windows\fonts\ADATA095.fot
    2009-02-24 11:22 1,344,760 a------- c:\windows\system32\wtfiles.dll
    2009-02-21 15:48 70,775 a------- c:\windows\hpqins06.dat
    2009-02-21 15:38 71,293 a------- c:\windows\hpqins04.dat
    2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
    2009-02-03 13:37 701,688 a------- c:\windows\system32\aconvert.dll
    2009-02-02 15:09 2,295,032 a------- c:\windows\system32\xsitenet.dll
    2009-01-28 13:32 3,442,032 a------- c:\windows\system32\filecabinet5.dll
    2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
    2009-01-13 12:09 333,048 a------- c:\windows\system32\alaxml.dll
    2008-08-11 21:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081120080812\index.dat

    ============= FINISH: 10:15:53.43 ===============


    Here is the attach:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2005-04-28 20:50:54
    System Uptime: 2009-04-13 08:56:28 (2 hours ago)

    Motherboard: Dell Inc. | | 0C5668
    Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 798/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 89 GiB total, 53.662 GiB free.
    D: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 440x 10/100 Integrated Controller
    Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01891028&REV_02\4&2FA23535&0&00F0
    Manufacturer: Broadcom
    Name: Broadcom 440x 10/100 Integrated Controller
    PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01891028&REV_02\4&2FA23535&0&00F0
    Service: bcm4sbxp

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\12328E1384FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\12328E1384FC000
    Service: NIC1394

    ==== System Restore Points ===================

    RP1: 2009-04-04 14:25:07 - System Checkpoint
    RP2: 2009-04-04 14:50:51 - Installed SUPERAntiSpyware Free Edition
    RP3: 2009-04-05 21:18:08 - System Checkpoint
    RP4: 2009-04-06 21:54:49 - System Checkpoint
    RP5: 2009-04-08 12:25:57 - System Checkpoint
    RP6: 2009-04-08 19:48:04 - Removed palmOne
    RP7: 2009-04-08 19:49:37 - Removed Musicmatch for Windows Media Player
    RP8: 2009-04-10 12:53:44 - System Checkpoint
    RP9: 2009-04-12 00:04:17 - ComboFix created restore point

    ==== Installed Programs ======================

    5600
    5600_Help
    5600Trb
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 7.0
    Adobe Shockwave Player
    AiO_Scan
    AiOSoftware
    ALPS Touch Pad Driver
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    Bonjour
    Broadcom Management Programs 2
    Brother MFL-Pro Suite
    BufferChm
    Business Contact Manager for Outlook 2003
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    Conexant D110 MDC V.9x Modem
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CustomerResearchQFolder
    Dell Media Experience
    Dell Picture Studio v3.0
    Dell System Restore
    DellSupport
    Destinations
    DeviceManagementQFolder
    Digital Line Detect
    DigitImg
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    eSupportQFolder
    Fax
    HijackThis 2.0.2
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    HP Document Viewer 5.3
    HP Extended Capabilities 5.3
    HP Image Zone Express
    HP Imaging Device Functions 5.3
    HP Memories Disc
    HP PSC & OfficeJet 5.3.B
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HPProductAssistant
    Image Web Server 8.1 IE Plugins (Build:3,4,0,242)
    Intel(R) PROSet/Wireless Software
    Internal Network Card Power Management
    Internet Explorer Default Page
    J2SE Runtime Environment 5.0 Update 8
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Java 2 Runtime Environment, SE v1.4.2_03
    LiveUpdate 2.0 (Symantec Corporation)
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    MarketResearch
    mCore
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 4.0
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft SQL Server Desktop Engine (ALAMODE)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    mIWA
    mIWCA
    mLogView
    mMHouse
    Modem Helper
    Mozilla Firefox (3.0.8)
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    mSSO
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    mToolkit
    mWlsSafe
    mXML
    mZConfig
    NewCopy
    PDF-XChange 3
    Photosmart 140,240,7200,7600,7700,7900 Series
    PowerDVD 5.3
    ProductContext
    PS7700
    PSShortcuts
    PSUsage
    Qualxserve Service Agreement
    QuickTime
    Readme
    RealPlayer Basic
    Roblox for Shannon Del Real
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    SolutionCenter
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    Spybot - Search & Destroy
    Status
    SUPERAntiSpyware Free Edition
    Symantec AntiVirus
    TrayApp
    Unload
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    2009-04-08 16:42:20, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    2009-04-08 16:39:45, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2009-04-08 16:15:43, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    2009-04-08 14:16:27, error: NetBT [4321] - The name "MSHOME :0" could not be registered on the Interface with IP address 192.168.1.107. The machine with the IP address 192.168.1.104 did not allow the name to be claimed by this machine.
    2009-04-08 12:38:34, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 0012F04CE1B9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    2009-04-08 10:25:31, error: NetBT [4321] - The name "MSHOME :0" could not be registered on the Interface with IP address 192.168.1.105. The machine with the IP address 192.168.1.104 did not allow the name to be claimed by this machine.
    2009-04-08 10:25:23, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0012F04CE1B9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    2009-04-07 19:30:21, error: Print [19] - Sharing printer failed + 1722, Printer Intuit Internal Printer share name Printer2.
    2009-04-06 20:13:53, error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: The system cannot find the path specified.
    2009-04-06 20:13:53, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: The system cannot find the path specified.
    2009-04-06 20:13:13, error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: The system cannot find the path specified.
    2009-04-08 19:02:30, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2009-04-08 19:14:50, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    2009-04-08 19:14:56, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2009-04-08 19:20:26, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2009-04-08 19:24:09, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
    2009-04-08 19:24:15, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2009-04-08 19:24:21, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 2 time(s).
    2009-04-08 19:24:27, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 3 time(s).
    2009-04-08 19:26:47, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2009-04-08 19:31:54, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2009-04-08 19:31:59, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 4 time(s).
    2009-04-08 19:32:54, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2009-04-08 19:40:48, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SAVRT' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    2009-04-08 19:46:35, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service IDriverT with arguments "-Service" in order to run the server: {064CB054-2518-474E-B2E8-200049528C42}
    2009-04-08 19:56:49, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

    ==== End Of File ===========================
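    The DDS log above has three driver entries (SASDIFSV, SASKUTIL, SASENUM) whose image path DDS could not resolve (the `--> ... [?]` form), and the Event Viewer section shows Service Control Manager 7000/7026 errors for the same names. The following added script, which is not part of this thread or of DDS itself, parses those two sections and joins them, so a reader can see which registered services point at files that no longer exist and when the SCM last complained about them. The sample lines are constructed copies of lines from this log with the long `documents and settings` paths shortened, and the start-type digit decoding (0 boot, 1 system, 2 auto, 3 demand, 4 disabled) is an assumption taken from the Windows `Start` registry value, not something DDS documents.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the "SERVICES / DRIVERS" section of the DDS
# log in this thread (paths shortened for readability).
DDS_SERVICES = r"""
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
S1 SASDIFSV;SASDIFSV;\??\c:\docs\administrator\desktop\superantispyware\sasdifsv.sys --> c:\docs\administrator\desktop\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docs\administrator\desktop\superantispyware\saskutil.sys --> c:\docs\administrator\desktop\superantispyware\SASKUTIL.sys [?]
S3 SASENUM;SASENUM;\??\c:\docs\administrator\desktop\superantispyware\sasenum.sys --> c:\docs\administrator\desktop\superantispyware\SASENUM.SYS [?]
S3 pmxscan;Visioneer USB Service;c:\windows\system32\drivers\usbscan.sys [2006-8-27 15104]
"""

# Constructed sample, shaped like the "Event Viewer Messages" section.
DDS_EVENTS = """
2009-04-08 16:15:43, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
2009-04-06 20:13:53, error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: The system cannot find the path specified.
2009-04-06 20:13:53, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: The system cannot find the path specified.
2009-04-06 20:13:13, error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: The system cannot find the path specified.
2009-04-08 16:42:20, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
"""

# "<R|S><start-type> <name>;<display name>;<path> [<date> <size>]" or "... --> <resolved> [?]"
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
STAMP_RE = re.compile(r"^(?P<path>.*?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")
EVENT_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$")

# Assumed decoding of the digit after R/S, following the Windows service "Start" value.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


def parse_services(text):
    """One dict per service line; 'missing' is True when DDS marked the image path '[?]'."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        entry = {
            "name": m.group("name"),
            "running": m.group("state") == "R",
            "start_type": START_TYPES.get(m.group("start"), "unknown"),
            "missing": rest.endswith("[?]"),
        }
        if entry["missing"]:
            # "<registered path> --> <resolved path> [?]": keep the path DDS tried and failed to find.
            entry["path"] = rest[: -len("[?]")].split("-->")[-1].strip()
            entry["size"] = None
        else:
            s = STAMP_RE.match(rest)
            entry["path"] = s.group("path") if s else rest
            entry["size"] = int(s.group("size")) if s else None
        services.append(entry)
    return services


def parse_events(text):
    """One dict per event line with the timestamp, source, numeric event id and message."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append({**m.groupdict(), "event_id": int(m.group("event_id"))})
    return events


def services_named_in(event):
    """Service names an SCM 7000 ('The X service failed to start') or 7026 ('... failed to load: A B') event refers to."""
    msg = event["msg"]
    if event["event_id"] == 7000:
        m = re.match(r"The (.+?) service failed to start", msg)
        return [m.group(1)] if m else []
    if event["event_id"] == 7026:
        _, _, names = msg.partition("failed to load:")
        return names.split()
    return []


def correlate(services, events):
    """Map each service whose image file is missing to the sorted timestamps of SCM events naming it."""
    by_name = defaultdict(list)
    for ev in events:
        for name in services_named_in(ev):
            by_name[name].append(ev["ts"])
    return {
        s["name"]: {"path": s["path"], "start_type": s["start_type"], "events": sorted(by_name[s["name"]])}
        for s in services
        if s["missing"]
    }


if __name__ == "__main__":
    for name, info in correlate(parse_services(DDS_SERVICES), parse_events(DDS_EVENTS)).items():
        print(f"{name}: {info['start_type']}-start, file not found at {info['path']}")
        for ts in info["events"]:
            print(f"    SCM error at {ts}")
```

    Run as-is it prints the three SUPERAntiSpyware drivers, each registered to load from an `administrator\desktop` folder that DDS could not find, together with the 7000 and 7026 timestamps; a registered boot- or system-start driver whose file is gone is exactly the kind of entry a helper wants to see before deciding what to clean up or re-register. Feeding it a full DDS log means passing the two sections' text in place of the constructed samples.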
     
  5. 2009/04/14
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome

    I can see ComboFix has been used on this computer.
    I want you to try and find the txt file it created in order for me to see what was and was not removed.

    C:\qoobox\quarantined_files.txt <-- is this file present? If so -- please post its contents.

    How about c:\Combofix\combofix.txt <-- Can you find this file? Please post the contents if found.


    Please download RegQuery by Noviciate to your desktop
    • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
      • [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    • Double click RegQuery.exe to run the program
    • Paste the text you have copied using CTRL and V into the textbox
    • Click the Query button
    • A Notepad file will open. Please paste the contents in your next reply
    • You may now close the RegQuery program


    In your next reply post:
    RegQuery log
    And any of the Combofix files
     
  6. 2009/05/21
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Due to the lack of feedback this Topic is closed.


    If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter.
     