Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Unable to access Programs and Wireless Network

Post by jbitz » April 11th, 2012, 6:56 pm

Whenever a shortcut or program is clicked on to open, it asks which program to use; when the correct program is selected, a Windows error that "application not found" is displayed. When I go through the Control Panel to Add or Remove Programs, I get the following Windows error: "C:\windows\system32\rundll32.exe Application not Found". Also, I am unable to connect to my wifi network.

I see a couple of suspect programs like vgrabber and wondershare.

Here are my attached logs.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 10:04:15 on 2012-04-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.656 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
E:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\VERIZONDM\bin\tgsrvc.exe
E:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3059010
uURLSearchHooks: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - e:\program files\vgrabber\prxtbVgra.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - e:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - e:\program files\startnow toolbar\Toolbar32.dll
BHO: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - e:\program files\vgrabber\prxtbVgra.dll
BHO: IEHlprObjClass: {ce7c3cf0-4b15-11d1-abed-709549c10000} - e:\program files\kensington\mouseworks\IE_KMW.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - e:\program files\startnow toolbar\Toolbar32.dll
TB: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - e:\program files\vgrabber\prxtbVgra.dll
uRun: [SpybotSD TeaTimer] e:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "e:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WorkForce 630(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigba.exe /fu "c:\windows\temp\E_S70.tmp" /EF "HKCU"
uRun: [MSMSGS] e:\program files\messenger\msmsgs.exe /background
uRun: [DW6] "e:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [WinPatrol] e:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [kmw_run.exe] kmw_run.exe
mRun: [MSWheel]
mRun: [avast5] "e:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [VERIZONDM] "e:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "e:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXSTM] "e:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [SunJavaUpdateSched] "e:\program files\common files\java\java update\jusched.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.EXE
mRun: [TkBellExe] "e:\program files\real\realplayer\update\realsched.exe" -osboot
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: e:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - e:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 0375177044
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{77ABDAB0-36D8-41C5-9A21-859754A550FF} : DhcpNameServer = 192.168.1.1 192.168.1.1
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - e:\documents and settings\administrator\application data\mozilla\firefox\profiles\2p9cwtb5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Vgrabber Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT30590 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: e:\documents and settings\administrator\application data\mozilla\firefox\profiles\2p9cwtb5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: e:\documents and settings\administrator\application data\mozilla\firefox\profiles\2p9cwtb5.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}\components\RadioWMPCoreGecko19.dll
FF - component: e:\documents and settings\administrator\application data\mozilla\firefox\profiles\2p9cwtb5.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}\components\RadioWMPCoreGecko5.dll
FF - component: e:\documents and settings\administrator\application data\mozilla\firefox\profiles\2p9cwtb5.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}\components\RadioWMPCoreGecko6.dll
FF - component: e:\documents and settings\administrator\application data\mozilla\firefox\profiles\2p9cwtb5.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}\components\RadioWMPCoreGecko7.dll
FF - component: e:\documents and settings\administrator\application data\mozilla\firefox\profiles\2p9cwtb5.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}\components\RadioWMPCoreGecko8.dll
FF - component: e:\documents and settings\administrator\application data\mozilla\firefox\profiles\2p9cwtb5.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}\components\RadioWMPCoreGecko9.dll
FF - component: e:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: e:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: e:\documents and settings\administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
FF - Ext: Vgrabber Community Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - %profile%\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}
FF - Ext: Java Quick Starter: jqs@sun.com - e:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RewardsArcade: crossriderapp498@crossrider.com - e:\documents and settings\administrator\local settings\application data\rewardsarcade\498\Firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - e:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-22 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-22 17744]
R2 avast! Antivirus;avast! Antivirus;e:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);e:\program files\verizondm\bin\sprtsvc.exe [2010-9-29 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);e:\program files\verizondm\bin\tgsrvc.exe [2010-9-29 185640]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;e:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R3 avast! Mail Scanner;avast! Mail Scanner;e:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;e:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2010-11-21 16640]
.
=============== File Associations ===============
.
.exe=KIU
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 10:05:00.98 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/18/2010 5:10:35 PM
System Uptime: 4/2/2012 10:00:51 AM (0 hours ago)
.
Motherboard: DELL SYSTEM | | 0WF016
Processor: Intel(R) Pentium(R) M processor 1.70GHz | U1 | 418/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 10 GiB total, 6.255 GiB free.
D: is FIXED (NTFS) - 4 GiB total, 3.808 GiB free.
E: is FIXED (NTFS) - 20 GiB total, 16.277 GiB free.
F: is FIXED (NTFS) - 60 GiB total, 56.687 GiB free.
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP76: 4/1/2012 3:27:20 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
Apple Application Support
Apple Software Update
avast! Free Antivirus
Broadcom 440x 10/100 Integrated Controller
C-Major Audio
Conexant D480 MDC V.9x Modem
Dell Wireless WLAN Card
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 630 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
FoxTab Media Player
Google Chrome
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Intel(R) Extreme Graphics 2 Driver
Java Auto Updater
Java(TM) 6 Update 26
Kensington MouseWorks
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v1.4.2499.0
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.22)
Mozilla Thunderbird (3.1.6)
NetWaiting
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RewardsArcade
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
StartNow Toolbar
Texas Instruments PCIxx20 drivers.
The Weather Channel Desktop 6
TIPCIxx20
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Verizon Download Manager
vGrabber
Vgrabber Toolbar
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
WinPatrol
WModem Driver Installer
Wondershare Streaming Audio Recorder(Build 1.0.9.2)
.
==== End Of File ==========================

Re: Unable to access Programs and Wireless Network

Post by Gary R » April 12th, 2012, 1:22 am

Looking over your logs, back soon.

Re: Unable to access Programs and Wireless Network

Post by Gary R » April 12th, 2012, 1:35 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Malware Removal" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi jbitz

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select Run as Administrator
Important: As I said earlier, removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Well, it hasn't taken you long to get re-infected .... viewtopic.php?p=605879#p605879 .... 12 hours must be close to a record even for this forum. You really do need to take more care when you're browsing.

There's one or two things showing on your DDS logs, but before we start to remove them I need you to run a couple of scans for me.

First

  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it
  • Click the SCAN button to start the scan.
  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log contents in your next reply please.

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Select the following options ....
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press the Scan button.
  • When finished, a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.


Summary of the logs I need from you in your next post:
  • aswMBR log
  • OTL.txt
  • Extras.txt
  • FSS.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

Re: Unable to access Programs and Wireless Network

Post by jbitz » April 12th, 2012, 11:46 pm

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-12 23:31:26
-----------------------------
23:31:26.161 OS Version: Windows 5.1.2600 Service Pack 3
23:31:26.161 Number of processors: 1 586 0xD06
23:31:26.161 ComputerName: DELL710M UserName:
23:31:26.321 Initialize success
23:31:26.501 AVAST engine defs: 12010701
23:31:37.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:31:37.187 Disk 0 Vendor: ST9100823A 8.03 Size: 95396MB BusType: 3
23:31:37.187 Disk 0 MBR read successfully
23:31:37.187 Disk 0 MBR scan
23:31:37.267 Disk 0 Windows XP default MBR code
23:31:37.267 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 10001 MB offset 63
23:31:37.267 Disk 0 Partition - 00 0F Extended LBA 85384 MB offset 20482875
23:31:37.277 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 4000 MB offset 20482938
23:31:37.277 Disk 0 Partition - 00 05 Extended 20002 MB offset 28676025
23:31:37.297 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20002 MB offset 28676088
23:31:37.297 Disk 0 Partition - 00 05 Extended 61381 MB offset 77834925
23:31:37.307 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 61381 MB offset 69641838
23:31:37.317 Disk 0 scanning sectors +195350400
23:31:37.738 Disk 0 scanning C:\WINDOWS\system32\drivers
23:31:45.318 Service scanning
23:31:56.164 Modules scanning
23:32:01.712 Disk 0 trace - called modules:
23:32:01.732 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
23:32:01.732 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8637cab8]
23:32:01.732 3 CLASSPNP.SYS[f7813fd7] -> nt!IofCallDriver -> \Device\00000074[0x863cb9e8]
23:32:01.742 5 ACPI.sys[f776a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8635e940]
23:32:01.842 AVAST engine scan C:\WINDOWS
23:32:08.271 AVAST engine scan C:\WINDOWS\system32
23:33:11.102 AVAST engine scan C:\WINDOWS\system32\drivers
23:33:18.743 AVAST engine scan e:\Documents and Settings\Administrator
23:34:48.131 AVAST engine scan e:\Documents and Settings\All Users.WINDOWS
23:35:14.109 Scan finished successfully
23:36:29.137 Disk 0 MBR has been saved successfully to "e:\Documents and Settings\Administrator\Desktop\MBR.dat"
23:36:29.137 The log file has been saved successfully to "e:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

Re: Unable to access Programs and Wireless Network

Post by jbitz » April 12th, 2012, 11:47 pm

OTL logfile created on: 4/12/2012 11:41:18 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = e:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.42 Mb Total Physical Memory | 683.00 Mb Available Physical Memory | 67.86% Memory free
2.37 Gb Paging File | 2.18 Gb Available in Paging File | 92.08% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 9.77 Gb Total Space | 6.21 Gb Free Space | 63.62% Space Free | Partition Type: NTFS
Drive D: | 3.91 Gb Total Space | 3.81 Gb Free Space | 97.48% Space Free | Partition Type: NTFS
Drive E: | 19.53 Gb Total Space | 16.26 Gb Free Space | 83.23% Space Free | Partition Type: NTFS
Drive F: | 59.94 Gb Total Space | 56.69 Gb Free Space | 94.57% Space Free | Partition Type: NTFS
Drive H: | 7.47 Gb Total Space | 1.94 Gb Free Space | 25.94% Space Free | Partition Type: NTFS

Computer Name: DELL710M | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/12 10:23:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- e:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/10/25 10:59:16 | 000,244,960 | ---- | M] () -- E:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2010/09/29 04:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- E:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 04:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- E:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/07 12:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/07 12:59:55 | 001,664,512 | ---- | M] () -- E:\Program Files\Alwil Software\Avast5\defs\12010701\algo.dll
MOD - [2011/10/25 10:59:16 | 000,244,960 | ---- | M] () -- E:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
MOD - [2006/11/01 10:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/10/25 10:59:16 | 000,244,960 | ---- | M] () [Auto | Running] -- E:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2010/09/29 04:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- E:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 04:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- E:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/09/07 12:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 12:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 12:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- E:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- e:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2010/09/07 11:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 11:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 11:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 11:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 11:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 11:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/11/19 07:41:08 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys -- (WsAudioDevice_383)
DRV - [2006/10/12 13:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/03 09:47:20 | 000,010,112 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2006/08/03 09:47:18 | 000,091,648 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMW_SYS.sys -- (KMW_SYS)
DRV - [2006/08/03 09:46:50 | 000,005,376 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMW_KBD.sys -- (KMW_KBD)
DRV - [2006/07/21 10:42:08 | 000,055,808 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm.sys -- (tifm)
DRV - [2004/11/15 13:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/05/26 13:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/11/13 16:21:16 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/11/13 16:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 16:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-21-2052111302-1580818891-842925246-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3059010
IE - HKU\S-1-5-21-2052111302-1580818891-842925246-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-2052111302-1580818891-842925246-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-2052111302-1580818891-842925246-500\..\URLSearchHook: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - SOFTWARE\Classes\CLSID\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}\InprocServer32 File not found
IE - HKU\S-1-5-21-2052111302-1580818891-842925246-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2052111302-1580818891-842925246-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2052111302-1580818891-842925246-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3059010
IE - HKU\S-1-5-21-2052111302-1580818891-842925246-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Vgrabber Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3059010&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Vgrabber Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3059010&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.4.0
FF - prefs.js..extensions.enabledItems: crossriderapp498@crossrider.com:0.75.36
FF - prefs.js..extensions.enabledItems: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}:3.8.1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3059010&SearchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: e:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: E:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: E:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: E:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: E:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: E:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: e:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: e:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\crossriderapp498@crossrider.com: e:\Documents and Settings\Administrator\Local Settings\Application Data\RewardsArcade\498\Firefox [2011/12/06 23:40:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: e:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/07 00:04:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011/12/07 00:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/12/07 00:05:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2011/12/07 00:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins

[2010/12/01 20:48:50 | 000,000,000 | ---D | M] (No name found) -- e:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/12/01 20:48:50 | 000,000,000 | ---D | M] (No name found) -- e:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/04 20:18:34 | 000,000,000 | ---D | M] (No name found) -- e:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2p9cwtb5.default\extensions
[2011/12/06 23:39:54 | 000,000,000 | ---D | M] (StartNow Toolbar) -- e:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2p9cwtb5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/07/21 11:36:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- e:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2p9cwtb5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/06 23:57:03 | 000,000,000 | ---D | M] (Vgrabber Community Toolbar) -- e:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2p9cwtb5.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}
[2011/12/06 23:39:53 | 000,001,945 | ---- | M] () -- e:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2p9cwtb5.default\searchplugins\bing-zugo.xml
[2011/11/20 17:37:50 | 000,000,919 | ---- | M] () -- e:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2p9cwtb5.default\searchplugins\conduit.xml
[2012/01/04 20:18:34 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2011/07/21 11:35:35 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/06 23:40:39 | 000,000,000 | ---D | M] ("RewardsArcade") -- E:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\REWARDSARCADE\498\FIREFOX
[2011/12/07 00:04:53 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- E:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/07/21 11:35:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- E:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/21 11:35:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT3059010
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Shockwave Flash (Enabled) = E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = E:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = e:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = E:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = E:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = E:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = E:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = e:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = e:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = e:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RewardsArcade = e:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.11.34_0\
CHR - Extension: Vgrabber = e:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbkfnmaidigfdgjeffhdmlcjikdbnnop\2.3.1.12_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = e:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = e:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2010/11/21 15:53:37 | 000,425,847 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14672 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - e:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - E:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Vgrabber Toolbar) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - E:\Program Files\Vgrabber\prxtbVgra.dll File not found
O2 - BHO: (IEHlprObjClass) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - E:\Program Files\Kensington\MouseWorks\IE_KMW.DLL File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - E:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Vgrabber Toolbar) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - E:\Program Files\Vgrabber\prxtbVgra.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] e:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] E:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] E:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] E:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [MSWheel] File not found
O4 - HKLM..\Run: [TkBellExe] E:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VERIZONDM] E:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2052111302-1580818891-842925246-500..\Run: [DW6] "E:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-2052111302-1580818891-842925246-500..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2052111302-1580818891-842925246-500..\Run: [WorkForce 630(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2052111302-1580818891-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1580818891-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-2052111302-1580818891-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-2052111302-1580818891-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-2052111302-1580818891-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 0375177044 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: e:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: e:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/18 18:08:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2052111302-1580818891-842925246-500\...exe [@ = KIU] -- "e:\Documents and Settings\Administrator\Local Settings\Application Data\pvc.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/12 23:23:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/12 23:22:05 | 000,000,000 | ---D | C] -- e:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ERUNT
[2012/04/12 23:08:28 | 000,000,000 | RH-D | C] -- e:\Documents and Settings\Administrator\Recent
[2012/04/12 10:23:34 | 000,593,920 | ---- | C] (OldTimer Tools) -- e:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/04/12 10:23:25 | 004,731,392 | ---- | C] (AVAST Software) -- e:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/04/12 10:23:16 | 000,791,393 | ---- | C] (Lars Hederer ) -- e:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2012/04/02 10:04:15 | 000,000,000 | R--D | C] -- e:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/04/02 10:04:01 | 000,607,260 | R--- | C] (Swearware) -- e:\Documents and Settings\Administrator\Desktop\dds.scr
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/12 23:39:10 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1580818891-842925246-500UA.job
[2012/04/12 23:36:29 | 000,000,512 | ---- | M] () -- e:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/04/12 23:22:05 | 000,000,756 | ---- | M] () -- e:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2012/04/12 23:18:00 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/12 23:18:00 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/12 23:14:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/12 23:13:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/12 10:23:40 | 004,731,392 | ---- | M] (AVAST Software) -- e:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/04/12 10:23:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- e:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/04/12 10:23:16 | 000,791,393 | ---- | M] (Lars Hederer ) -- e:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2012/04/02 09:26:52 | 000,607,260 | R--- | M] (Swearware) -- e:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/04/01 20:58:22 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1580818891-842925246-500Core.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/12 23:36:29 | 000,000,512 | ---- | C] () -- e:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/04/12 23:22:05 | 000,000,756 | ---- | C] () -- e:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2012/01/04 23:02:29 | 000,014,484 | -HS- | C] () -- e:\Documents and Settings\All Users.WINDOWS\Application Data\148wl81cw72u12151025pwdnof4e525rjf7uj88446x
[2012/01/04 23:02:29 | 000,014,484 | -HS- | C] () -- e:\Documents and Settings\Administrator\Local Settings\Application Data\148wl81cw72u12151025pwdnof4e525rjf7uj88446x
[2011/10/10 19:41:50 | 000,006,144 | ---- | C] () -- e:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 18:31:24 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/12/31 18:31:24 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/12/31 18:31:24 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/12/31 18:31:24 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/12/31 18:31:24 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/12/31 18:31:24 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/12/31 18:31:24 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/12/31 18:31:24 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/12/31 18:31:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/12/31 18:31:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/12/31 18:31:24 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/12/31 18:31:24 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/12/31 18:31:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/12/31 18:31:24 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/12/31 18:31:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/12/31 18:31:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/12/31 18:27:24 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF630.ini
[2010/11/19 17:21:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\kmw_show.exe
[2010/11/19 11:20:18 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2010/11/19 10:02:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/18 20:55:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/18 19:36:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/11/18 19:36:11 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/11/18 19:36:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2010/11/18 18:10:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/18 18:05:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/18 16:00:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/18 15:59:21 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2010/12/31 19:00:54 | 000,000,000 | ---D | M] -- e:\Documents and Settings\Administrator\Application Data\Epson
[2010/11/18 20:52:10 | 000,000,000 | ---D | M] -- e:\Documents and Settings\Administrator\Application Data\WinPatrol
[2010/11/22 14:23:17 | 000,000,000 | ---D | M] -- e:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/11/22 14:11:14 | 000,000,000 | ---D | M] -- e:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
[2010/11/21 16:16:02 | 000,000,000 | -H-D | M] -- e:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2010/12/31 18:35:27 | 000,000,000 | ---D | M] -- e:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2010/11/18 20:52:05 | 000,000,000 | ---D | M] -- e:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
[2010/11/21 16:15:01 | 000,000,000 | ---D | M] -- e:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2010/11/22 14:44:43 | 000,000,000 | ---D | M] -- e:\Documents and Settings\All Users.WINDOWS\Application Data\musicjacker
[2010/12/01 19:40:57 | 000,000,000 | ---D | M] -- e:\Documents and Settings\All Users.WINDOWS\Application Data\SupportSoft

========== Purity Check ==========



< End of report >
jbitz

Re: Unable to access Programs and Wireless Network

Post by jbitz » April 12th, 2012, 11:48 pm

OTL Extras logfile created on: 4/12/2012 11:41:18 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = e:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.42 Mb Total Physical Memory | 683.00 Mb Available Physical Memory | 67.86% Memory free
2.37 Gb Paging File | 2.18 Gb Available in Paging File | 92.08% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 9.77 Gb Total Space | 6.21 Gb Free Space | 63.62% Space Free | Partition Type: NTFS
Drive D: | 3.91 Gb Total Space | 3.81 Gb Free Space | 97.48% Space Free | Partition Type: NTFS
Drive E: | 19.53 Gb Total Space | 16.26 Gb Free Space | 83.23% Space Free | Partition Type: NTFS
Drive F: | 59.94 Gb Total Space | 56.69 Gb Free Space | 94.57% Space Free | Partition Type: NTFS
Drive H: | 7.47 Gb Total Space | 1.94 Gb Free Space | 25.94% Space Free | Partition Type: NTFS

Computer Name: DELL710M | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2052111302-1580818891-842925246-500\SOFTWARE\Classes\<extension>]
.exe [@ = KIU] -- "e:\Documents and Settings\Administrator\Local Settings\Application Data\pvc.exe" -a "%1" %*
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\AVG\AVG10\avgmfapx.exe" = E:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"E:\Program Files\Epson Software\Event Manager\EEventManager.exe" = E:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"E:\Program Files\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe" = E:\Program Files\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)
"G:\Common\Driver Update\EDUPDATE.EXE" = G:\Common\Driver Update\EDUPDATE.EXE:*:Enabled:EPSON Driver Update
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{33F1EEC8-93C8-4CC5-9C33-6698A4A627BA}" = TIPCIxx20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C78937F-0C8E-11D9-A3EB-0001025FA304}" = Kensington MouseWorks
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8C0B406B-DF08-49EF-8702-FA45752C135F}" = Verizon Download Manager
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 630 Series" = EPSON WorkForce 630 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HTC_WModemDriver" = WModem Driver Installer
"ie8" = Windows Internet Explorer 8
"InstallShield_{33F1EEC8-93C8-4CC5-9C33-6698A4A627BA}" = Texas Instruments PCIxx20 drivers.
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"RealPlayer 15.0" = RealPlayer
"StartNow Toolbar" = StartNow Toolbar
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"vGrabber" = vGrabber
"Vgrabber Toolbar" = Vgrabber Toolbar
"Wondershare Streaming Audio Recorder_is1" = Wondershare Streaming Audio Recorder(Build 1.0.9.2)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2052111302-1580818891-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab Media Player" = FoxTab Media Player
"Google Chrome" = Google Chrome
"RewardsArcade" = RewardsArcade

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 7/27/2011 11:23:17 PM | Computer Name = DELL710M | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 7/28/2011 12:23:17 AM | Computer Name = DELL710M | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 120 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/28/2011 12:23:17 AM | Computer Name = DELL710M | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 7/28/2011 2:23:18 AM | Computer Name = DELL710M | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 240 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/28/2011 2:23:18 AM | Computer Name = DELL710M | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 7/28/2011 6:23:20 AM | Computer Name = DELL710M | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 480 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/28/2011 6:23:20 AM | Computer Name = DELL710M | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 479 minutes. NtpClient has no source of accurate
time.

Error - 7/28/2011 2:23:23 PM | Computer Name = DELL710M | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 960 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/28/2011 2:23:23 PM | Computer Name = DELL710M | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 959 minutes. NtpClient has no source of accurate
time.

Error - 4/12/2012 11:33:07 PM | Computer Name = DELL710M | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Unable to access Programs and Wireless Network

Post by jbitz » April 12th, 2012, 11:49 pm

Farbar Service Scanner Version: 01-03-2012
Ran by Administrator (administrator) on 12-04-2012 at 23:46:26
Running from "E:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
Attention! C:\WINDOWS\system32\wscsvc.dll is missing.
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2010-11-21 17:33] - [2009-08-06 17:23] - 0022744 ____A (Microsoft Corporation) 02E4055488047729B333F99D93877038

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Unable to access Programs and Wireless Network

Post by jbitz » April 13th, 2012, 12:04 am

Hi Gary,

Thanks for taking a look at my problem.

This is a different system (my teenage son's laptop) than the one from 12 hours ago.

I could not run the programs by double clicking or choosing open. The only way I found was to right click and choose run as current user. I also had to uncheck "protect my computer and data from unauthorized activity". I was able to run the programs successfully. The logs you requested are posted above.

jbitz
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Unable to access Programs and Wireless Network

Post by Gary R » April 13th, 2012, 2:03 am

Looking at the logs, there are some major problems with this machine, and there's a fair chance that the only solution to those problems will be to back up your son's personal files and folders, and then re-format the hard drive and re-install Windows.

Before we decide, I'd like to establish just how extensive the damage is.

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Copy/Paste the contents of the code box below into the Search: box.
Code:
wscsvc.dll
wuauserv.dll

  • Press the Search Files button.
  • When finished a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.

Next

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Copy/Paste the contents of the code box below into the Search: box.
Code:
wscsvc
wuauserv

  • Press the Export Service button.
  • When finished a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.

Summary of the logs I need from you in your next post:
  • Results of the File Search.
  • Results for the Service Export.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Unable to access Programs and Wireless Network

Post by jbitz » April 13th, 2012, 5:53 am

Here are the Results:

Farbar Service Scanner Version: 01-03-2012
Ran by Administrator (administrator) on 13-04-2012 at 05:46:09
Microsoft Windows XP Professional Service Pack 3 (X86)

************************************************
======== Search: "wscsvc.dllwuauserv.dll" =========

====== End Of Search ==

windows Registry Editor version 5.00
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Unable to access Programs and Wireless Network

Post by Gary R » April 13th, 2012, 8:38 am

Sorry, I made an error in the last post, please run the scans again using the following instructions.

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Copy/Paste the contents of the code box below into the Search: box.
Code:
wscsvc.dll; wuauserv.dll

  • Press the Search Files button.
  • When finished a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.

Next

  • Double click FSS.exe to run it. (Vista - W7 users: Please right click on FSS.exe and select Run As Administrator).
  • Copy/Paste the contents of the code box below into the Search: box.
Code:
wscsvc; wuauserv

  • Press the Export Service button.
  • When finished a text file named FSS.txt will be created on your desktop.
  • Copy/Paste the contents in your reply please.

Please post me BOTH logs.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Unable to access Programs and Wireless Network

Post by jbitz » April 13th, 2012, 10:10 pm

Farbar Service Scanner Version: 01-03-2012
Ran by Administrator (administrator) on 13-04-2012 at 22:08:33
Microsoft Windows XP Professional Service Pack 3 (X86)

************************************************
======== Search: "wscsvc.dll; wuauserv.dll" =========

====== End Of Search ======

Windows Registry Editor Version 5.00
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Unable to access Programs and Wireless Network

Post by Gary R » April 14th, 2012, 1:27 am

Is that just the results of the file search, or is it a compilation of both the file search and the registry export?

If it is the latter, then it would be a waste of time for us to attempt to clean this machine, since there is a considerable chunk of Windows missing, which is related to Windows updates, and Windows security. These are key parts of the kernel, and tied into a number of other services and functions and therefore very difficult to patch and/or repair.

The best way to restore functionality to this machine is to reformat the hard drive and re-install Windows.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Unable to access Programs and Wireless Network

Post by jbitz » April 14th, 2012, 9:05 am

Yeah, that is both reports together.

I'm curious: do you have any indication as to what in particular caused the missing chunks in the OS?

Again, thanks for taking the time to take a look at it for me,

Jbitz
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Unable to access Programs and Wireless Network

Post by Gary R » April 14th, 2012, 10:51 am

This usually happens when the machine in question has had a "Zero Access" infection, which has not been removed correctly. As part of its infection process Zero Access modifies and renders several things inoperable .... Windows Updates and Windows Security Center ... are two of them.

However, we don't at this point know whether the infection itself removes the service keys, whether it's a retaliation by the infection when it is removed, or whether they are removed by the program that has attempted to "neutralise" the infection, and has been a bit too enthusiastic in removing the sources of corruption.

There are a number of variations of this infection, and all of them do not necessarily operate in this way, and the different variations can operate in different ways dependent on the Operating System they infect, so without knowing which variant was present on your son's machine it's hard to be more specific.

There were no specific signs of an active ZA infection in the logs you supplied, but missing service keys and inoperable programs are classic symptoms of an incorrectly removed ZA infestation, so I suspect your son was infected and attempted a "self-cure".
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
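
Added example, not part of the original thread and not code from Farbar Service Scanner: a small triage script that reads an FSS log like the one posted above and separates services that are merely disabled (definition intact) from services whose registry key no longer exists, which is the distinction the diagnosis in this thread rests on. The function names and the shortened sample log are constructed for illustration; the line formats are those shown in the posted log.

```python
import re

# Constructed sample: a shortened copy of the Farbar Service Scanner (FSS)
# log posted in this thread, embedded so the script runs offline.
SAMPLE_FSS_LOG = r"""
There is no connection to network.
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
Attention! C:\WINDOWS\system32\wscsvc.dll is missing.
"""

NOT_RUNNING = re.compile(r"^(\w+) Service is not running")
KEY_MISSING = re.compile(r"Unable to open (\w+) registry key\. The service key does not exist")
DISABLED = re.compile(r"start type of (\w+) service is set to Disabled")
FILE_MISSING = re.compile(r"^Attention! (.+) is missing\.$")
REG_HEADER = re.compile(r"^\[(HKEY_[^\]]+)\]$")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=DWORD:0$')


def _add(bucket, value):
    # FSS repeats the same finding once per check, so de-duplicate.
    if value not in bucket:
        bucket.append(value)


def triage_fss(log):
    """Collect the findings an FSS log reports, grouped by kind."""
    found = {"not_running": [], "key_missing": [], "disabled": [],
             "files_missing": [], "firewall_off": [], "network": True}
    reg_key = None
    for raw in log.splitlines():
        line = raw.strip()
        if line == "There is no connection to network.":
            found["network"] = False
        if (m := REG_HEADER.match(line)):
            reg_key = m.group(1)  # remember which policy key the next value belongs to
        elif FIREWALL_OFF.match(line) and reg_key:
            _add(found["firewall_off"], reg_key.rsplit("\\", 1)[-1])
        for name, rx in (("not_running", NOT_RUNNING), ("key_missing", KEY_MISSING),
                         ("disabled", DISABLED), ("files_missing", FILE_MISSING)):
            if (m := rx.search(line)):
                _add(found[name], m.group(1))
    return found


def classify_services(found):
    """Separate services that are only switched off from those whose key is gone."""
    state = {}
    for svc in found["not_running"]:
        if svc in found["key_missing"]:
            state[svc] = "key missing"   # the service definition itself is absent
        elif svc in found["disabled"]:
            state[svc] = "disabled"      # definition intact, start type changed
        else:
            state[svc] = "stopped"
    return state


if __name__ == "__main__":
    findings = triage_fss(SAMPLE_FSS_LOG)
    print(classify_services(findings), findings["files_missing"], findings["firewall_off"])
```
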