
win32:sirefef-sm[trj] & win32:rootkit-gen[rtk] [Closed]


134 replies to this topic

#106 portboy123

portboy123

    Authentic Member

  • Authentic Member
  • PipPip
  • 124 posts

Posted 18 May 2012 - 06:47 AM

yes it is set to automatic.



#107 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 18 May 2012 - 07:47 AM

Hi,

The easiest way to reset services is to use this tool.

Download Windows Repair (all in one) from this site

Install and then run the program.

On the Start Repairs tab, select Advanced Mode and click Start
Posted Image


Select the items checked in the screenshot below (remove the checks from the rest) and check Restart System When Finished.

Posted Image
----------

Once complete let me know if the service has been fixed. :)

#108 portboy123


Posted 18 May 2012 - 07:49 PM

hi jeff sorry so late getting back to you, i ran the scan and it did not fix the problem, i downloaded the program then did a restart and checked if netbt was in c/ windows/ system32/drivers and it was not there so i ran the scan here is the log

Starting Repairs...
Start (5/18/2012 8:24:30 PM)

Repair WMI
Start (5/18/2012 8:24:30 PM)
Step 01/03 - Deleting WMI Repository...
The system cannot find the path specified.
Step 02/03 - Rebuilding WMI Repository...
Step 03/03 - Registering WMI...
Done (5/18/2012 8:28:25 PM)

Repair Windows Firewall
Start (5/18/2012 8:28:25 PM)
System error 1060 has occurred.
The specified service does not exist as an installed service.
The Windows Firewall/Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
System error 1060 has occurred.
The specified service does not exist as an installed service.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
Done (5/18/2012 8:28:34 PM)

Repair Internet Explorer
Start (5/18/2012 8:28:34 PM)
Done (5/18/2012 8:30:55 PM)

Remove Policies Set By Infections
Start (5/18/2012 8:30:55 PM)
Done (5/18/2012 8:30:58 PM)

Repair Winsock & DNS Cache
Start (5/18/2012 8:30:58 PM)
Done (5/18/2012 8:31:08 PM)

Repair Proxy Settings
Start (5/18/2012 8:31:08 PM)
Done (5/18/2012 8:31:11 PM)

Repair Windows Updates
Start (5/18/2012 8:31:11 PM)
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\edb.log - The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\edbtmp.log - The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\tmp.edb - The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\{127D0~1\catdb - The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\{F750E~1\catdb - The process cannot access the file because it is being used by another process.
'bitsadmin.exe' is not recognized as an internal or external command, operable program or batch file.
Done (5/18/2012 8:32:46 PM)

Set Windows Services To Default Startup
Start (5/18/2012 8:32:46 PM)
Done (5/18/2012 8:33:20 PM)

Repair MSI (Windows Installer)
Start (5/18/2012 8:33:20 PM)
The Windows Installer service is not started.
More help is available by typing NET HELPMSG 3521.
Done (5/18/2012 8:33:32 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (5/18/2012 8:33:32 PM)
Total Repair Time: 00:09:02

...YOU MUST RESTART YOUR SYSTEM...

#109 jeffce


Posted 18 May 2012 - 09:04 PM

Hi, Ok let me know exactly how your system is acting now.

#110 portboy123


Posted 18 May 2012 - 09:36 PM

hi jeff my netbt file is in my C/ WINDOWS/SYSTEM32/drivers so i think that's good but i still have to restart the DHCP service. overall it seems like it is running good

Edited by portboy123, 19 May 2012 - 01:03 PM.


#111 jeffce


Posted 19 May 2012 - 04:49 PM

Hi,

Please run a new scan with DDS and post both the DDS.txt and the Attach.txt to your next reply. :)

#112 portboy123


Posted 19 May 2012 - 09:07 PM

hi jeff thanks for your help its been a long and hard one anyway here is the results.

Edited by portboy123, 20 May 2012 - 07:34 AM.


#113 jeffce

Posted 20 May 2012 - 11:53 AM

Hi,

Make sure that the three driver files are present

Open Windows Explorer and navigate to C:\WINDOWS\System32\Drivers folder. Make sure that the following files are present in the folder:

afd.sys
tcpip.sys
netbt.sys


If any of those are missing let me know.

#114 portboy123

Posted 20 May 2012 - 08:22 PM

Hi Jeff, they are all there.

#115 jeffce

Posted 21 May 2012 - 05:57 AM

Copy/Paste the following command in Start >> Run dialog box:

CMD /K SC QC DHCP

When the Command Prompt opens there will be information already showing.
Please right click on the Command Prompt window anywhere in the black area and select Mark.
Now Copy/Paste all the information within the Command Prompt window to your next reply. :)

#116 portboy123

Posted 21 May 2012 - 07:50 AM

Hi Jeff, here is the report. This is after I had to start the DHCP client.

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: DHCP
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DHCP Client
        DEPENDENCIES       : Tcpip
                           : Afd
                           : NetBT
        SERVICE_START_NAME : LocalSystem

C:\Documents and Settings\Frank>

#117 portboy123

Posted 21 May 2012 - 08:01 AM

Hi Jeff, I rebooted and ran that again without the DHCP client started. Here it is:

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: DHCP
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DHCP Client
        DEPENDENCIES       : Tcpip
                           : Afd
                           : NetBT
        SERVICE_START_NAME : LocalSystem

C:\Documents and Settings\Frank>
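
Added example (not part of the original thread, and not code from the helper or from any tool used in it): a Python script that cross-checks the DEPENDENCIES list in the SC QC DHCP output above against the Service Control Manager errors posted earlier in the thread, showing which of the DHCP Client's dependencies the event log reports as failed. The sample input is copied from the posts and trimmed; the function names and the display-name table are assumptions of this example.

```python
import re

# Sample input copied from the posts in this thread, trimmed to the relevant lines.
SC_QC = """SERVICE_NAME: DHCP
        DEPENDENCIES       : Tcpip
                           : Afd
                           : NetBT
        SERVICE_START_NAME : LocalSystem"""
EVENTS = """5/14/2012 3:21:21 PM, error: Service Control Manager [7000] - The NetBios over Tcpip service failed to start due to the following error: The system cannot find the file specified.
5/14/2012 12:39:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
5/14/2012 12:39:52 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning."""
# Display names the event log uses for two services that SC QC lists by short name.
DISPLAY = {"netbios over tcpip": "netbt", "tcp/ip protocol driver": "tcpip"}

def dependencies(sc_qc):
    # Collect DEPENDENCIES, including the continuation lines that start with ':'.
    deps, inside = [], False
    for line in sc_qc.splitlines():
        key, sep, value = line.partition(":")
        if key.strip() == "DEPENDENCIES":
            inside = True
        elif key.strip():  # any other named field ends the list
            inside = False
        if inside and sep and value.strip():
            deps.append(value.strip())
    return deps

def failed_services(events):
    # Map lower-cased service name -> set of event IDs that report it as failed.
    patterns = {"7000": r"^The (.+?) service failed to start",
                "7001": r"depends on the (.+?) service which failed"}
    failed = {}
    for m in re.finditer(r"Service Control Manager \[(\d+)\] - (.*)", events):
        event_id, text = m.groups()
        if event_id == "7026":  # space-separated list of driver names
            names = text.split("failed to load:", 1)[1].split()
        else:
            names = re.findall(patterns[event_id], text) if event_id in patterns else []
        for name in names:
            key = DISPLAY.get(name.lower(), name.lower())
            failed.setdefault(key, set()).add(event_id)
    return failed

def broken_dependencies(sc_qc, events):
    # Dependencies of the queried service that the event log reports as failed.
    failed = failed_services(events)
    return {d: sorted(failed[d.lower()]) for d in dependencies(sc_qc) if d.lower() in failed}

if __name__ == "__main__":
    print(broken_dependencies(SC_QC, EVENTS))
```

On this input all three dependencies of the DHCP Client appear in the failure events, which matches the symptom reported in the thread: the service is configured correctly but the drivers beneath it are not loading.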

#118 jeffce

Posted 21 May 2012 - 10:15 AM

Hi,

Good job!!

Follow the steps below:

Click Start, Run and type DEVMGMT.MSC
In the View menu, click Show hidden devices
Double-click Non-Plug and Play drivers section
Double-click the entry AFD, and click the Driver tab
Set the Startup type to System.
Start the service. Note down the error message if any.
Similarly start the two other drivers namely:

TCP/IP Protocol Driver
NetBios over Tcpip


Close Device Manager and restart Windows

Once complete let me know if you are still having problems with the DHCP service. :)

#119 portboy123

Posted 21 May 2012 - 10:46 AM

Hi Jeff, did as you asked. AFD was started and set to System. TCP/IP was started and set to System. NetBIOS over Tcpip was not started, so I started it, set it to System and rebooted, and same thing: cannot connect to the internet, Local Area Connection: acquiring network address. Just checked again after the reboot and the NetBIOS over Tcpip is not started.

Edited by portboy123, 21 May 2012 - 10:54 AM.


#120 jeffce

Posted 21 May 2012 - 10:57 AM

Hi,

OK... We have a couple more avenues that we can try to go down, but in my opinion I think that the best course of action is a format and reinstall of Windows. Sorry to be the bearer of bad news, but unfortunately the ZeroAccess infection can break the system to the point of needing to have the operating system reinstalled even if the infection has been neutralized. We may be working for quite some time and chasing down all sorts of problems even after getting this problem with the DHCP service fixed... if we can get it fixed.

What do you think you would like to do?