
Inactive spyware guard 2009 clean up & HijackThis log help

Discussion in 'Malware and Virus Removal Archive' started by dirtclod, 2009/01/19.

  1. 2009/01/19
    dirtclod Inactive Thread Starter

    Last week this computer got hit. Oh what fun to remove that one. It had put defenses around itself, knocked out the restore function, blocked access to many (particularly security) web sites, and other things I can't seem to remember. I got rid of it with Malwarebytes but there's some leftovers I need help with. Here's what is still going on:

    - Restore lets you choose the restore point to return to but just sits there.

    - All searches on most major search engines return the found links but you get redirected when you click on those links.

    - Most anti-virus sites and discussion forums that have the cure for spyware guard are being blocked. (Page not found)

    - Microsoft's Windows Update site and most of the tech support links are being blocked. This is also causing windows automatic update to fail.

    I downloaded HijackThis. Hopefully it's installed properly. I'll post a log file it generated. I could use some help resolving the above issues.

    HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:49:39 PM, on 1/19/2009
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\freecell.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe "
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232114650234
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 4329 bytes

    Thanks!
     
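The one line in the log above that a triage analyst would flag first is the F2 entry: the Winlogon Userinit value should name only userinit.exe, and here a second executable (twex.exe) has been appended so it starts at every logon. The script below is an added example, not code from this thread or from HijackThis; it parses the HijackThis `F2 - REG:system.ini: UserInit=` form and the DDS `mWinlogon: Userinit=` form, splits the comma-separated list and reports anything other than the stock userinit.exe. The sample lines are constructed to mirror the posted log, and the assumed Windows directory is `C:\WINDOWS`, as shown in that log.

```python
import re
from typing import Dict, List

# Constructed sample lines, modelled on the HijackThis (F2) and DDS (mWinlogon)
# formats seen in the posted logs; they are not copied from a live system.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
"""

# Matches both "F2 - REG:system.ini: UserInit=..." and "mWinlogon: Userinit=..."
USERINIT_RE = re.compile(r"userinit\s*=\s*(.*)$", re.IGNORECASE)


def parse_userinit(log_text: str) -> List[str]:
    """Return the comma-separated executables listed in the first Userinit line."""
    for line in log_text.splitlines():
        m = USERINIT_RE.search(line)
        if m:
            # The stock value ends with a trailing comma, so drop empty pieces.
            return [p.strip() for p in m.group(1).split(",") if p.strip()]
    return []


def unexpected_userinit_entries(entries: List[str], system_root: str = r"C:\WINDOWS") -> List[str]:
    """Entries other than the stock userinit.exe (compared case-insensitively, like NTFS paths).

    system_root is an assumption: the posted log shows C:\WINDOWS, so that is the default.
    """
    expected = (system_root + r"\system32\userinit.exe").lower()
    return [e for e in entries if e.lower() != expected]


def audit_userinit(log_text: str) -> Dict[str, List[str]]:
    """Summarise the Userinit value of a HijackThis/DDS log for quick triage."""
    entries = parse_userinit(log_text)
    return {"userinit": entries, "unexpected": unexpected_userinit_entries(entries)}


if __name__ == "__main__":
    result = audit_userinit(SAMPLE_LOG)
    if result["unexpected"]:
        for extra in result["unexpected"]:
            print("extra Userinit entry:", extra)
    else:
        print("Userinit value looks stock")
```

Run against the sample it reports `C:\WINDOWS\system32\twex.exe` as the extra entry; the ComboFix log later in this thread shows that same file among the deletions, so the check lines up with what the analyst eventually removed.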
  2. 2009/01/19
    PeteC SuperGeek Staff
    Please read this - you could hardly miss it at the head of the Forum :) and post the logs requested in this thread
     


  4. 2009/01/19
    dirtclod Inactive Thread Starter
    The Attach file instructs to zip its contents and attach it to the posting. I don't see an attachment feature on your posting window. Should I post the text of both files and ignore the instructions in the Attach output? Ok, I found your "ignore that instruction." Here they are:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-18.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/30/2005 7:51:53 AM
    System Uptime: 1/19/2009 9:21:48 AM (6 hours ago)

    Motherboard: Dell Inc. | | 0W9260
    Processor: Intel(R) Celeron(R) M processor 1.40GHz | Microprocessor | 1396/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 71 GiB total, 57.972 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Flash Player ActiveX
    Adobe Reader 6.0.1
    Adobe Shockwave Player
    ALPS Touch Pad Driver
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOLIcon
    Broadcom Management Programs 2
    Conexant D110 MDC V.9x Modem
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Picture Studio v3.0
    Dell Support Center (Support Software)
    Dell System Restore
    Dell Wireless WLAN Card
    DellSupport
    Digital Line Detect
    GTK+ 2.10.6-1 runtime environment
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Internal Network Card Power Management
    Internet Explorer Default Page
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Java 2 Runtime Environment, SE v1.4.2_03
    Lexmark 730 Series
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser and SDK
    Modem Helper
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    NetWaiting
    PowerDVD 5.5
    QuickBooks Simple Start Special Edition
    QuickSet
    QuickTime
    RealPlayer Basic
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB960714)
    Sonic DLA
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    The GIMP 2.2.14
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Viewpoint Media Player
    Virtual Earth 3D (Beta)
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    Windows Genuine Advantage v1.3.0254.0
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live OneCare safety scanner
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Application Compatibility Update[Q319580]
    Windows XP Hotfix - KB823182
    Windows XP Hotfix - KB823559
    Windows XP Hotfix - KB824105
    Windows XP Hotfix - KB825119
    Windows XP Hotfix - KB828035
    Windows XP Hotfix - KB833987
    Windows XP Hotfix - KB839645
    Windows XP Hotfix - KB841356
    Windows XP Hotfix - KB841533
    Windows XP Hotfix - KB841873
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB873376
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB888310
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892627
    Windows XP Hotfix - KB893056
    Windows XP Hotfix - KB893086
    Windows XP Hotfix (SP1) [See Q309521 for more information]
    Windows XP Hotfix (SP1) [See Q311889 for more information]
    Windows XP Hotfix (SP1) [See Q311967 for more information]
    Windows XP Hotfix (SP1) [See Q315000 for more information]
    Windows XP Hotfix (SP1) [See Q315403 for more information]
    Windows XP Hotfix (SP1) [See Q317277 for more information]
    Windows XP Hotfix (SP1) [See Q323172 for more information]
    Windows XP Hotfix (SP1) [See Q324096 for more information]
    Windows XP Hotfix (SP1) [See Q324380 for more information]
    Windows XP Hotfix (SP1) [See Q326830 for more information]
    Windows XP Hotfix (SP1) [See Q328940 for more information]
    Windows XP Hotfix (SP1) [See Q329048 for more information]
    Windows XP Hotfix (SP1) [See Q329390 for more information]
    Windows XP Hotfix (SP1) [See Q329441 for more information]
    Windows XP Hotfix (SP1) [See Q329834 for more information]
    Windows XP Hotfix (SP1) Q329170
    Windows XP Hotfix (SP1) Q810577
    Windows XP Hotfix (SP1) Q810833
    Windows XP Hotfix (SP1) Q815021
    Windows XP Hotfix (SP2) [See Q329115 for more information]
    WordPerfect Office 12

    ==== Event Viewer Messages From Past Week ========

    1/12/2009 11:18:55 PM, error: Service Control Manager [7034] - The LiveUpdate Notice service terminated unexpectedly. It has done this 1 time(s).
    1/12/2009 11:18:55 PM, error: Service Control Manager [7034] - The Symantec Lic NetConnect service service terminated unexpectedly. It has done this 1 time(s).
    1/12/2009 11:18:55 PM, error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    1/12/2009 11:18:55 PM, error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
    1/12/2009 11:03:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/12/2009 10:24:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSPX SYMTDI Tcpip
    1/12/2009 10:24:24 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/12/2009 10:24:24 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/12/2009 10:24:24 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/12/2009 10:24:24 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/12/2009 10:21:49 PM, error: Service Control Manager [7000] - The lxcf_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2009 10:21:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxcf_device service to connect.
    1/12/2009 10:21:49 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service lxcf_device with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}
    1/12/2009 10:14:57 PM, error: Dhcp [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 00123FE96431 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    1/12/2009 9:56:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/12/2009 9:55:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/12/2009 11:22:28 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    1/12/2009 11:22:34 PM, error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 1 time(s).
    1/12/2009 11:23:53 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    1/12/2009 11:24:40 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    1/12/2009 11:28:17 PM, error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 2 time(s).
    1/13/2009 6:34:11 AM, error: PSched [14103] - QoS [Adapter {610FB3A1-7DAD-4A7A-9AD1-A1BDD5819DAF}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
    1/13/2009 9:59:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/13/2009 11:29:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV eeCtrl Fips intelppm SPBBCDrv SRTSPX SYMTDI
    1/13/2009 2:48:12 PM, error: Service Control Manager [7000] - The CO_Mon service failed to start due to the following error: The system cannot find the file specified.
    1/13/2009 3:31:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV eeCtrl Fips intelppm SRTSPX SYMTDI
    1/14/2009 8:08:19 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SYMTDI Tcpip
    1/14/2009 4:53:23 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    1/14/2009 4:53:28 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    1/15/2009 8:53:19 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    1/15/2009 8:30:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm
    1/16/2009 5:01:08 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    1/19/2009 8:23:22 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB840987).

    ==== End Of File ===========================



    DDS (Ver_09-01-18.01) - NTFSx86 NETWORK
    Run by Administrator at 15:17:34.48 on Mon 01/19/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.503.275 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\freecell.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_11\bin\jusched.exe "
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe "
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe "
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,_RunDLLEntry@16
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\npjpi150_11.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Notify: igfxcui - igfxsrvc.dll

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2009-01-19 11:52 <DIR> --d----- c:\program files\Trend Micro
    2009-01-19 09:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC-Doctor
    2009-01-19 09:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCDr
    2009-01-19 08:59 <DIR> --d----- c:\program files\Dell Support Center
    2009-01-19 08:59 <DIR> --d----- c:\program files\common files\supportsoft
    2009-01-17 15:17 <DIR> -cd-h--- c:\windows\$xpsp1hfm$
    2009-01-16 17:10 30,720 -------- c:\windows\system32\xpsp1hfm.exe
    2009-01-15 21:07 <DIR> --ds---- c:\documents and settings\administrator\UserData
    2009-01-15 10:40 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
    2009-01-15 10:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-01-15 10:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-15 10:34 <DIR> --d----- c:\program files\clean
    2009-01-15 10:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-01-14 14:38 28,160 a--sh--- c:\windows\Thumbs.db
    2009-01-14 14:38 6,656 a--sh--- c:\windows\system32\Thumbs.db
    2009-01-13 18:32 <DIR> --dsh--- c:\windows\system32\twain32
    2009-01-13 14:02 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
    2009-01-13 10:32 <DIR> --d----- c:\documents and settings\Administrator
    2009-01-12 18:41 <DIR> --d----- c:\program files\common files\Symantec Shared

    ==================== Find3M ====================

    2008-12-31 09:42 2,672 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2008-12-12 12:27 3,067,392 -------- c:\windows\system32\dllcache\mshtml.dll
    2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
    2008-10-23 08:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll
    2008-04-20 17:08 130,720 a------- c:\program files\IF

    ============= FINISH: 15:18:00.40 ===============


    I wanted to add two more pieces of damage I noticed:

    - there's a user that has admin access. Somehow spyware guard 2009 blocked that user from accessing the task manager.

    - This may be nothing but I'm seeing 5 or more copies of svchost running.
     
    Last edited: 2009/01/19
  5. 2009/01/19
    PeteC SuperGeek Staff
    To post attachments you must be a Contributing Member.

    One of our trained malware analysts will attend to your log in due course. As you can imagine they are extremely busy and all logs are dealt with in the order received.
     
  6. 2009/01/20
    noahdfear Inactive
    Welcome to WindowsBBS dirtclod :)


    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  7. 2009/01/20
    dirtclod

    dirtclod Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    9
    Likes Received:
    0
    Thanks noahdfear!

    The virus attacked the first download of Combofix. It wouldn't run. Then it blocked all three download links on Combofix's help page. I managed to get a copy from a link at another site...strangely that link pointed back to here. I changed the name as I saved it to the desktop and it ran fine. Here's the log:

    ComboFix 09-01-19.05 - Administrator 2009-01-20 8:27:38.1 - NTFSx86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.503.394 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\majorfix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\bszip.dll
    c:\windows\system32\drivers\TDSSrfdc.sys
    c:\windows\system32\TDSSblat.dat
    c:\windows\system32\TDSSnmxh.log
    c:\windows\system32\TDSSofkl.dll
    c:\windows\system32\TDSSovba.dll
    c:\windows\system32\TDSSqkhc.dll
    c:\windows\system32\TDSSqomd.log
    c:\windows\system32\TDSSshbr.log
    c:\windows\system32\TDSStnyq.dll
    c:\windows\system32\TDSSurkv.dll
    c:\windows\system32\TDSSxnpb.dll
    c:\windows\system32\twex.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSserv.sys
    -------\Legacy_TDSSserv.sys


    ((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
    .

    2009-01-19 11:52 . 2009-01-19 11:52 <DIR> d-------- c:\program files\Trend Micro
    2009-01-19 09:00 . 2009-01-19 09:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\SupportSoft
    2009-01-19 09:00 . 2009-01-19 09:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCDr
    2009-01-19 09:00 . 2009-01-19 09:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC-Doctor
    2009-01-19 08:59 . 2009-01-19 08:59 <DIR> d-------- c:\program files\Dell Support Center
    2009-01-19 08:59 . 2009-01-19 08:59 <DIR> d-------- c:\program files\Common Files\supportsoft
    2009-01-19 08:46 . 2009-01-19 09:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Dell
    2009-01-19 08:22 . 2009-01-19 08:23 <DIR> d-------- c:\windows\LastGood
    2009-01-17 15:17 . 2009-01-17 15:36 <DIR> d--h-c--- c:\windows\$xpsp1hfm$
    2009-01-17 15:16 . 2009-01-17 15:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Gtek
    2009-01-16 17:10 . 2004-07-29 01:19 30,720 --------- c:\windows\system32\xpsp1hfm.exe
    2009-01-16 09:49 . 2009-01-16 09:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AdobeUM
    2009-01-15 21:07 . 2009-01-15 21:07 <DIR> d---s---- c:\documents and settings\Administrator\UserData
    2009-01-15 12:40 . 2009-01-15 12:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
    2009-01-15 10:40 . 2009-01-15 10:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-01-15 10:34 . 2009-01-17 21:48 <DIR> d-------- c:\program files\clean
    2009-01-15 10:34 . 2009-01-15 10:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-15 10:34 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-15 10:34 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-15 04:59 . 2009-01-15 04:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
    2009-01-14 14:38 . 2009-01-14 14:38 28,160 --ahs---- c:\windows\Thumbs.db
    2009-01-14 14:38 . 2009-01-14 14:38 6,656 --ahs---- c:\windows\system32\Thumbs.db
    2009-01-13 18:32 . 2009-01-20 06:54 <DIR> d--hs---- c:\windows\system32\twain32
    2009-01-13 14:02 . 2009-01-13 14:02 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
    2009-01-13 12:08 . 2009-01-14 11:14 <DIR> d-------- c:\program files\Windows Live Safety Center
    2009-01-13 10:32 . 2005-09-23 11:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
    2009-01-13 10:32 . 2009-01-15 21:07 <DIR> d-------- c:\documents and settings\Administrator
    2009-01-12 18:41 . 2009-01-15 14:34 <DIR> d-------- c:\program files\Common Files\Symantec Shared
    2009-01-04 15:56 . 2009-01-17 15:39 <DIR> d--hs---- c:\documents and settings\JOANN\Application Data\twain32
    2009-01-02 21:18 . 2009-01-02 21:18 <DIR> d-------- c:\documents and settings\JOANN\Application Data\Viewpoint

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-17 20:18 --------- d-----w c:\program files\MSXML 4.0
    2009-01-11 10:32 --------- d-----w c:\program files\Lx_cats
    2008-12-31 14:42 2,672 --sha-w c:\windows\system32\KGyGaAvL.sys
    2008-12-12 17:27 3,067,392 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 13:01 283,648 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-04-20 22:08 130,720 ----a-w c:\program files\IF
    2004-08-04 10:00 615,936 ----a-r c:\documents and settings\JOANN\Application Data\twex.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dell Wireless Manager UI "= "c:\windows\system32\WLTRAY" [X]
    "Apoint "= "c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
    "PCMService "= "c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
    "Dell QuickSet "= "c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
    "DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-23 26112]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2005-09-23 98304]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "LXCFCATS "= "c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-04-27 69632]
    "dellsupportcenter "= "c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-24 206064]

    c:\documents and settings\JOANN\Start Menu\Programs\Startup\
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-05-17 806912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-09-23 24576]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\America Online 9.0\\waol.exe "=
    "c:\\WINDOWS\\system32\\lxcfcoms.exe "=

    .
    .
    ------- Supplementary Scan -------
    .
    IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-20 08:31:09
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16??????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2009-01-20 8:32:38
    ComboFix-quarantined-files.txt 2009-01-20 13:32:28

    Pre-Run: 62,173,573,120 bytes free
    Post-Run: 62,339,076,096 bytes free

    WinXP_EN_HOM_BF.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    146 --- E O F --- 2009-01-19 13:23:27
     
  8. 2009/01/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Good work! Looks like ComboFix did a good job of cleaning. Let's double-check for stragglers. Please do an online scan with Kaspersky Online Scanner.

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  9. 2009/01/21
    dirtclod

    dirtclod Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    9
    Likes Received:
    0
    Here's the results:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, January 21, 2009
    Operating System: Microsoft Windows XP Home Edition (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, January 21, 2009 09:38:36
    Records in database: 1658245
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 55642
    Threat name: 5
    Infected objects: 5
    Suspicious objects: 0
    Duration of the scan: 01:09:29


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\__.zip Infected: Backdoor.Win32.TDSS.bkw 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSofkl.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSovba.dll.vir Infected: Backdoor.Win32.TDSS.atb 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSStnyq.dll.vir Infected: Rootkit.Win32.TDSS.dbg 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSurkv.dll.vir Infected: Backdoor.Win32.TDSS.asz 1

    The selected area was scanned.
     
  10. 2009/01/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    You can delete DDS and any other logs that were created/saved too.
    Empty the recycle bin when done.

    That should finish things up.
     
  11. 2009/01/27
    dirtclod

    dirtclod Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    9
    Likes Received:
    0
    Thank you noahdfear,

    I did as you suggested. Then I went about updating everything. I got Windows updated, downloaded Dell's maintenance software, then I loaded a new firewall and AV from Comodo. Most of the problems related to the original virus attack seemed to go away. It looked like smooth sailing. All I had to do was ID and fix the remaining problems.

    But I got sidetracked. I had some pictures on an SD card that I wanted to put in the computer. Things started going downhill from there. When I put the card in, the computer was recognizing it had the card in the slot, but it wouldn't automatically bring up the software. I checked all the settings and they seemed to be intact. I thought I would use Dell's maintenance software to help diagnose the problem. But I didn't find it helpful. So I decided to uninstall Dell's software. After the uninstall finished and it rebooted the computer, I saw a Windows message that said it had found a new LAN. After some more fidgeting I found out that access to the internet was no longer possible. The computer couldn't detect the IP addresses.

    I had set a Restore point that morning. So I tried to use Restore. I had no luck. There were three restore points in there but it wouldn't restore to any of them. It kept giving the message that there had not been any changes made since the restore points were made.

    After about a day of digging into the IP detection problem, I found I could get the internet to work by booting into safe mode then shutting off the AV and firewall. I noticed when I first installed the AV that it was showing its own error. It had a diagnostic routine for its own integrity. I ran it several times and it continued to come back saying everything was OK. But the status was still showing a problem. After a few more minutes, the warning cleared on its own. So I ignored it. Everything seemed OK...that is, until I removed the Dell software. Now I see the AV shows that warning all the time and its diagnostic routine still says everything is OK.

    Here's what is still amiss:

    - Fix the Restore
    - One user who has administrator privileges still can't access the Task Manager.
    - There are still 4-6 copies of svchost.exe active at all times...even when there are no running applications.
    - When an SD card is installed the software is not coming up automatically.
    - Can't run AV & firewall without losing internet IP addresses.


    I also see that the computer tag is inserted into the user names in various places. Is that normal? Or did the virus modify the user names as part of a spyware attack?
     
    Last edited: 2009/01/27
  12. 2009/01/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    It's quite normal to have as many as 6 svchost.exe processes. Many services load under that executable, and they are divided amongst the number of svchost.exe processes running.

    Please post a DDS log run while logged onto each of the other accounts on the computer.
     
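    A defender-side check for the points raised in this thread, added here as an example and not code posted by any of the participants: it lists which services each svchost.exe instance hosts (several instances are normal, as noahdfear explains above), and it reads the Security Center and firewall policy values that the ComboFix log earlier in the thread showed as DisableMonitoring=1 and EnableFirewall=0, plus the per-user DisableTaskMgr policy value that hides Task Manager from an account. The function names are my own; the registry paths are the standard Windows locations and are assumed to exist on the machine being checked. The script only reports and changes nothing. It assumes Windows PowerShell 2.0 or later, run from an elevated prompt.

    ```powershell
    # Added example, not code from the thread. Reports (never changes) the things
    # discussed above: services per svchost.exe, Security Center / firewall policy
    # values, and the Task Manager policy. Windows PowerShell 2.0+; run elevated.

    function Get-SvchostServiceMap {
        # One row per svchost.exe process: its PID, image path and hosted services.
        # Several rows are expected; an instance with no services or an unexpected
        # image path is what deserves a closer look.
        $svc = Get-WmiObject Win32_Service |
            Where-Object { $_.PathName -match 'svchost\.exe' -and $_.ProcessId -ne 0 }
        foreach ($group in ($svc | Group-Object ProcessId)) {
            $pid   = [int]$group.Name
            $proc  = Get-Process -Id $pid -ErrorAction SilentlyContinue
            $path  = if ($proc) { $proc.Path } else { '(exited)' }
            $names = $group.Group | ForEach-Object { $_.Name } | Sort-Object
            New-Object PSObject -Property @{
                ProcessId = $pid
                Path      = $path
                Services  = ($names -join ', ')
            }
        }
    }

    function Get-SecurityPolicyState {
        # Registry values the ComboFix log showed flipped (DisableMonitoring=1,
        # EnableFirewall=0) and the per-user policy that hides Task Manager.
        # 'Expected' is the healthy state; $null means "absent or 0".
        $checks = @(
            @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring';
               Name = 'DisableMonitoring'; Expected = $null },
            @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile';
               Name = 'EnableFirewall'; Expected = 1 },
            @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';
               Name = 'DisableTaskMgr'; Expected = $null }
        )
        foreach ($c in $checks) {
            $value = $null
            if (Test-Path $c.Path) {
                $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
                if ($item) { $value = $item.($c.Name) }
            }
            # A missing value or 0 is healthy for the two "Disable" policies;
            # EnableFirewall must be exactly 1.
            $ok = if ($c.Expected -eq $null) { -not $value } else { $value -eq $c.Expected }
            $expectedText = if ($c.Expected -eq $null) { 'absent or 0' } else { $c.Expected }
            New-Object PSObject -Property @{
                Key      = "$($c.Path)\$($c.Name)"
                Value    = $value
                Expected = $expectedText
                Ok       = $ok
            }
        }
    }

    Get-SvchostServiceMap   | Format-Table ProcessId, Path, Services -AutoSize
    Get-SecurityPolicyState | Format-Table Key, Value, Expected, Ok -AutoSize
    ```

    The DisableTaskMgr check reads HKCU, so it reflects whichever account runs the script; to check the account that cannot open Task Manager, run it while logged on as that user, which matches noahdfear's request for per-account logs.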
