Member Avatar for nemisis9

Hi

Laptop caught a virus the other day so I have spent all day running virus scans but am now at a complete loss to why I still can't connect to the internet. I have tried pinging yahoo.com to test with no packets lost etc so there is an internet connection but I cannot get through whatever is blocking the display of web pages.

I have run the following programmes and here are the results.

GMER Rootkit Scanner

Logs as follows

GMER One.log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-22 10:18:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 FUJITSU_MHV2080AT_PL rev.000000A0
Running: goeup9jt.exe; Driver: C:\DOCUME~1\SHAUNT~1\LOCALS~1\Temp\uwtdipow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA393182E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA3931652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA393178C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86CD957B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 86CD957B
Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskFUJITSU_MHV2080AT_PL____________________000000A0#5&224947b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

GME Two.log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-22 10:52:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 FUJITSU_MHV2080AT_PL rev.000000A0
Running: goeup9jt.exe; Driver: C:\DOCUME~1\SHAUNT~1\LOCALS~1\Temp\uwtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA391D728]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA39247EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA39246A2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA3924CA8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA3924BBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA3924276]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA391D7D8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA392477E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA39241B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA3924218]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA391D870]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA39248C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA3924D76]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA3924880]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA3924A04]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA393182E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA3931652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA393178C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

DDS Scanlog Results

Attach
______


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 15/03/2009 15:31:52
System Uptime: 22/01/2011 11:59:01 (1 hours ago)
Processor: Intel(R) Pentium(R) M processor 1.73GHz | N/A | 1729/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 12.406 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 12.166 GiB free.
E: is Removable
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP43: 19/12/2010 13:19:22 - System Checkpoint
RP44: 20/12/2010 17:50:55 - System Checkpoint
RP45: 21/12/2010 21:07:06 - System Checkpoint
RP46: 22/12/2010 23:13:10 - System Checkpoint
RP47: 23/12/2010 23:21:11 - System Checkpoint
RP48: 28/12/2010 13:38:19 - System Checkpoint
RP49: 30/12/2010 13:24:08 - System Checkpoint
RP50: 01/01/2011 12:01:05 - System Checkpoint
RP51: 01/01/2011 15:01:35 - Configured EA Download Manager
RP52: 01/01/2011 15:14:22 - Removed Norton Ghost 10.0
RP53: 02/01/2011 19:20:38 - System Checkpoint
RP54: 03/01/2011 21:36:36 - System Checkpoint
RP55: 05/01/2011 19:38:08 - System Checkpoint
RP56: 06/01/2011 22:36:15 - System Checkpoint
RP57: 08/01/2011 19:19:12 - System Checkpoint
RP58: 09/01/2011 21:17:34 - System Checkpoint
RP59: 12/01/2011 00:07:32 - System Checkpoint
RP60: 12/01/2011 19:12:58 - Software Distribution Service 3.0
RP61: 14/01/2011 23:16:03 - System Checkpoint
RP62: 16/01/2011 10:23:54 - System Checkpoint
RP63: 17/01/2011 22:21:22 - System Checkpoint
RP64: 18/01/2011 19:40:19 - Installed NoRakeOnline
RP65: 19/01/2011 21:02:55 - System Checkpoint
RP66: 21/01/2011 02:51:37 - System Checkpoint
RP67: 21/01/2011 05:31:26 - Restore Operation
RP68: 21/01/2011 05:43:40 - Restore Operation
RP69: 22/01/2011 09:42:52 - System Checkpoint

==== Installed Programs ======================

888poker
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
Adobe Shockwave Player 11.5
AOL Toolbar 5.0
avast! Free Antivirus
Betsson Poker
Bodog Poker
Business Contact Manager for Outlook 2007 SP2
bwin Poker (remove only)
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.20
DVgate Plus
Facebook Plug-In
Farm Frenzy Pizza Party 1.00
Free Realms
Free Realms Installer
Full Tilt Poker
Game Booster
Game Maker 8.0
Games_Bar_1 Toolbar
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google AFE
Google Toolbar for Internet Explorer
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Converter 2 Plus
IMVU Avatar Chat Software
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for VAIO
J2SE Runtime Environment 5.0 Update 6
John Deere Drive Green
LAN-Express AS IEEE 802.11 Wireless LAN
LinesMaker Poker
Malwarebytes' Anti-Malware
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mMHouse
mPfMgr
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
mWlsSafe
mXML
NoRakeOnline
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
PCStitch Pro 9
Picasa 3
Playsushi
Poker Host
PokerHost
PokerStars
Realtek High Definition Audio Driver
RedKings (remove only)
Roblox for Shaun Thomas
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
SafeGuard® PrivateDisk 1.00.6 - Try and Buy Version
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Setting Utility Series
Skype Toolbars
Skype™ 5.1
SonicStage 3.4
Sony MP4 Shared Library
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
UB
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Control Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Long Battery Life Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Online Registration (English)
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Product Survey
VAIO Sea Wallpaper
VAIO Starfish Wallpaper
VAIO Update 2
VOR
VPS
War of Conquest
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Wireless LAN Starter

==== Event Viewer Messages From Past Week ========

22/01/2011 12:00:12, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
22/01/2011 09:12:05, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.101. The machine with the IP address 192.168.1.102 did not allow the name to be claimed by this machine.
21/01/2011 05:31:13, error: Modem [2] - Not enough resources were available for the driver.
20/01/2011 17:59:48, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD8-2166-11D1-B1D0-00805FC1270E}
20/01/2011 17:59:07, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
20/01/2011 17:08:26, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the path specified.
16/01/2011 21:08:31, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00166F8D7E4D. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
15/01/2011 18:28:45, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 00166F8D7E4D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

DDS
___


DDS (Ver_10-12-12.02) - NTFSx86
Run by Shaun Thomas at 12:04:48.37 on 22/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.610 [GMT 0:00]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:8893
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
mWinlogon: Userinit=userinit.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Oryte Games 1 Toolbar: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - c:\program files\games_bar_1\tbGam2.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\GoogleAFE.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Oryte Games 1 Toolbar: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - c:\program files\games_bar_1\tbGam2.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [enhkgfop] c:\docume~1\shaunt~1\locals~1\temp\ohtuesewy\hfawwyduerb.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [PDService.exe] c:\program files\utimaco\safeguard privatedisk\pdservice.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [ntqog] c:\windows\system32\config\systemprofile\ntqog.exe /t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\shaun thomas\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237232433750
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/plugins/activex/YoYo.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-28 294608]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [2004-7-6 45627]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-28 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-28 40384]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

=============== Created Last 30 ================

2011-01-18 19:40:21 -------- d-----w- c:\program files\NoRakeOnline
2011-01-18 19:39:40 695578 ----a-w- c:\windows\unins000.exe
2011-01-18 19:39:40 4096 ----a-w- c:\windows\MyProgram.exe
2011-01-17 23:10:18 -------- d-sh--w- c:\documents and settings\shaun thomas\IECompatCache

==================== Find3M ====================

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2011-01-01 15:01:36 486 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-14 18:00:51 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2080AT_PL rev.000000A0 -> Harddisk0\DR0 -> \Device\0000007a

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86CF3735]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86cf9990]; MOV EAX, [0x86cf9a0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86D72AB8]
3 CLASSPNP[0xF752CFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000072[0x86D69228]
5 ACPI[0xF7393620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86D68940]
\Driver\atapi[0x86D74B08] -> IRP_MJ_CREATE -> 0x86CF3735
error: Read The device is not ready.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskFUJITSU_MHV2080AT_PL____________________000000A0#5&224947b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86CF357B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 12:06:37.40 ===============

And followed all the other instructions that were in the post Read me before posting any advice from this point would be extremely appreciated.

Thanks in advance

  • 2 Contributors
  • 8 Replies
  • 451 Views
  • 6 Days Discussion Span
  • Latest Post Latest Post by gerbil
Member Avatar for gerbil

Hi, nemesis, it looks like you may have a rootkit... and a few unhidden malware files to boot.
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --dclick in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF. Repeat in other User profiles.
==Download tdsskiller from this link, save it to your desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe -you may need to download it to a clean computer and then transfer it to the desktop using a USB flash drive.
Start TDSSKiller via this command, NOT the icon:
"%userprofile%\desktop\tdsskiller.exe" -l C:\tdssrpt.txt -paste this into Start, Run...
- click Scan. If TDSSKiller finds a rootkit and prompts a Cure then press Continue [a reboot may be required]; press continue also on Skip prompt. Do not delete or quarantine any files.
Post the log from C:\.
HiJackThis:
You have a choice of versions, installable program or stand-alone executable; in action they are fundamentally identical; on their own they make no alterations, merely scan vulnerable locations and report.

i] -download installable hijackthis: http://www.majorgeeks.com/download5554.html or http://www.filehippo.com/download_hijackthis/
-dclick that .msi file to install Hijackthis as a program.
Else...
ii] - download the executable file from: http://www.bleepingcomputer.com/files/hijackthis.php
- unzip if necessary; copy hijackthis.exe to a new FOLDER placed either alongside your program files or on your desktop.
Start Hijackthis via the desktop icon or by dclicking hijackthis.exe.
- CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
- click the Scan and Save a Logfile button. Post the log here.

uRun: [enhkgfop] c:\docume~1\shaunt~1\locals~1\temp\ohtuesewy\hfawwyduerb.exe
dRun: [ntqog] c:\windows\system32\config\systemprofile\ntqog.exe /t

Edited by gerbil because: n/a
Member Avatar for nemisis9

Hi

Here's what I have done prior to you replying which has knackered my laptop temporarily. I followed the instructions from Microsofts website to safe boot and only load certain drivers but for some insane reason moment of madness I guess I decided to delete the user account just leaving the admin account in place. Now when I boot I can;t even get the desktop to stay on as it crashes due to a bad memory reference Internet explorer options are not available and it won't even boot successfully into safe mode I am guessing i'll have to but a recovery disk now due to this stupid thing I have done. Was woeking initially after following Microsofts instructions but did disable my wireless temporarily before I rebooted and started again but now will not work at all in safe mode or normal mode any ideas?

Member Avatar for gerbil

:)... not too many.
You could use the Recovery Console from your cd to delete those two files I show at bottom of my first post. While in the RC it would not hurt to rewrite the MBR code [in case it has a rootkit] with the command ..
fixmbr
A bad memory reference means bad coding, likely in some part of the malware. It must be being loaded in Safe Mode.... not much else you can do with the RC, though, because the whole of the malware is a mystery.
If you can finally get into safe mode you can create a new user there and copy all your document and setting into it from the old account [they don't get deleted when you delete the account].
Say if you make it to Safe Mode.
Files to delete:
c:\docume~1\shaunt~1\locals~1\temp\ohtuesewy\hfawwyduerb.exe [delete everything inside this folder, \ohtuesewy]
c:\windows\system32\config\systemprofile\ntqog.exe

Edited by gerbil because: n/a
Member Avatar for nemisis9

Don't close this thread I have had to buy a recovery CD so will be here in a day or 2 then i'll be back on track to mending the issues it now only boots to a cursor just getting worse going to wait now for the recovery CD and will advise in a few days.

Thanks for the help sofar though.

Member Avatar for nemisis9

I havn't even got a CD here at the moment damn kids lol. Will update hopefully tomorrow. Thanks again for all the advice so far it's much appreciated

Member Avatar for nemisis9

Okay here's the latest update Gerbil,

Windows setup cannot find the EULA kill me now lol

Any ideas welcome all I have is the recovery console at the moment do I need to but another cop of Windows Xp as this laptop came preinstalled with XP or can I make a copy from this PC?

Member Avatar for gerbil

What were you trying to start to get this msg... "Windows setup cannot find the EULA"? Windows does not require EULA.txt to start, nor does the RC. Windows Setup does... you don't want to be running that just yet... you want to bypass that and start the Recovery Console: choose the repair or recover option by pressing R [Enter takes you to Install or Repair installation... you don't want that].
As for the msg, all i could find of any sense regarding it was this: http://support.microsoft.com/default.aspx?scid=kb;en-us;326673 - perhaps it is not relevent here, though.
Anyway, your latest problem of not booting even to safe mode was not caused by deleting your user profile.
If you cannot get the Recovery Console to start there is this method of creating a bootable floppy and using that to run chkdsk:
http://download.fyxm.net/Avira-NTFS4DOS-78905.html
http://www.softpedia.com/get/System/Hard-Disk-Utils/Avira-NTFS4DOS-Personal.shtml
Dl to a working sys, run it to install, it will automatically want to build a bootable floppy [which contains chkdsk.exe [cmd line tool] and chkdskg.exe [gui tool].
Boot from the floppy, run chkdsk.
Good luck. If chkdsk doesn get your sys up, I think you are gazing at a Repair. Yuck.
Way back at the top..."I have tried pinging yahoo.com to test with no packets lost etc so there is an internet connection but I cannot get through whatever is blocking the display of web pages." ... that problem, which is dim history, most likely was caused by an incorrect setting in your network setup re your DNS server location.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.