Confirmed... all my network drivers have been removed.
Dial-a-fix Error - 2147024891 was encountered while trying to unregister C:\WINDOWS\SYSTEM32\wuaueng.dll. The error text is: Access is denied.
More:
An error occurred during registration of the file: C:\Windows\system32\wuaueng.dll (Version 7.2.6001.788)
Error 0x80070005: 'Access denied'
Error 127: C:\windows\System32\iesetup.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
Error 127: C:\windows\System32\iesetup.dll is not DLLinstall-able or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
Error 127: C:\windows\System32\imgutl.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
Error 127: C:\windows\System32\inseng.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
Error 127: C:\windows\System32\inseng.dll is not DLLinstall-able or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
Error 127: C:\windows\System32\mshtml.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
Error 127: C:\windows\System32\mshtml.dll is not DLLinstall-able or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
Error 127: C:\windows\System32\msrating.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
Error 127: C:\windows\System32\occache.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
Error 127: C:\windows\System32\occache.dll is not DLLinstall-able or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
Error 127: C:\windows\System32\pngfilt.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
Error 127: C:\windows\System32\webcheck.dll is not registerable or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
Error 127: C:\windows\System32\webcheck.dll is not DLLinstall-able or the file is corrupted. Your version of iesetup.dll is: 8.00.6001.18702
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Quote:
DEQUARANTINE::
c:\windows\system32\drivers\8354af04.sys
C:\xipr.exe
c:\windows\system32\hppfaxprintermon5.dll
c:\windows\system32\hppfaxprintermonui5.dll
QUIT::
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
https://discussions.virtualdr.com/im.../2016/03/2.gif
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
- A new HijackThis log.
Is the connection back?
Nothing
HJT
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:11 PM, on 5/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Games\Stardock\Impulse\Now\ImpulseNow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ToolBoxFX] "c:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Steam] "D:\Games\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: ImpulseNow.lnk = D:\Games\Stardock\Impulse\Now\ImpulseNow.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (antivirschedulerservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8060 bytes
Did you go through ALL steps from my reply #39, or just Dial-A-Fix?
Aye, they all failed to initiate... sorry, I failed to post that bit.
They failed in what way?
Didn't work, yielded some errors....?
Do you have any errors in Device Manager?
"The request is not supported" is the error message that yielded for most of them.
Also, as I mentioned, the drivers for a lot of my hardware have been wiped either by the cleaning or the virus itself.
My 1394 net adapter, direct parallel, ethernet adapters, networking controllers and WAN miniport (IP, L2TP, PPPOE, PPTP) all have the yellow exclamation point status and there is one "Other device" classified as an "unknown device"
OK, OK, then we're getting somewhere...
Try to reinstall them.
Do you have drivers CD?
What's the computer brand, and model?
It is custom built and I am in the process of obtaining them right now. The motherboard model is nVidia 780i.
If you need some help here...
Download System Information for Windows: http://www.gtopala.com/siw-download.html to your Desktop.
Get SIW Standalone (English-Only).
Double click on siw.exe to run the program.
Go File>Create Report File>HTML
Save the file to a known location.
Zip the file, and attach it to your next reply.
In any case, let me know, when you're done.
Rebooting now leads me to a black screen... back to square one?
Same in Safe Mode?
When I boot into safemode, it crashes on start.
Also, it automatically goes into CHKDSK and locks the computer afterwards when booting normally.
You installed Recovery Console, so restart computer, and watch the screen closely.
You'll have only a couple of seconds to select Recovery Console, instead of normal Windows boot.
When you boot to Recovery Console....
...follow the steps from here: http://icrontic.com/articles/repair_windows_xp, starting below this picture on page 1:
https://discussions.virtualdr.com/
Still booting into black...
Try repair, then: http://www.geekstogo.com/forum/How-t...s-XP-t138.html
So, there was a mishap and the harddrive got fried (click of death)... already looking at ways to retrieve the data, but a new one has been picked up and is in the process of installation right now.
What would you suggest be done to protect it from future issues?
I have installed Avira AntiVir and am running Windows Firewall (deciding between the other two options you provided earlier).
I thought for a moment, it could be some hardware issue, since the computer stopped responding all of a sudden for no reason.
At least, we had a good training here :)
Too bad, because the computer was really badly infected, and basically we got it all clean.
Avira is very good. Then, I'd go with Comodo firewall, instead of Windows firewall.
(Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, so you can skip AV installation).
These two:
- SUPERAntiSpyware Free Edition: http://www.superantispyware.com/download.html
- Malwarebytes' Anti-Malware (trial version is fully functional): http://www.malwarebytes.org/mbam.php
both free, are currently best on the market, regarding malware protection.
Run them on occasion.
Make sure, Windows Updates are current.
Download, and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Also, I am extremely sorry for essentially having wasted your time :( I was so angered when I found that the drive had stopped working.
Look, no time is wasted, if we did something good.
Both of us learned something new :)
Good outlook, haha... I'm going to try to stick around here and help others as well...
I am so grateful for the time you spent assisting me. Doing this kind of stuff over a forum must take real patience and skill. Thank you so much for all the assistance you did provide, despite the ending not being 100% happy.
You're very welcome :)
You have to remember, that none of the helpers is forced to be here...hehehe
We do this kind of stuff, because we simply like it.
I'm a physicist by education, and mathematician by love, so you can figure, I like to solve mysteries :)
I ran the series of applications contributed by Broni. I have the following log files. Can anyone help to review this info to see if I am safe to start using my computer again with confidence? It appears to be operating better and the offensive file digest32.dll has disappeared. Thanks.
WilsonBA
You need to start your own topic.
WilsonBA.. and paste the contents of the log files into that new post, pls don't attach them.. it makes it hard to read.
thanks for understanding.