
XP Home Security 2012



Please right-click on combofix.exe, select Rename, and change "combofix" to "uninstall". Double-click on the renamed file and run it like that.

I changed the file name to 'cfix.exe', ran: cfix /uninstall. Came back saying 'Windows cannot find 'cfix'. Make sure you typed the name correctly....


Please change the name to uninstall.exe and then just double click on it.

{Window} 16 bit MS-DOS Subsystem

C:\WINDOW\Prefetch\UNINST~1.EXE

The NTVD CPU has encountered an illegal instruction.

CS:0dbb IP:0108 OP:0f 00 00 00 74 Choose 'Close' to terminate the application'.

{option} Close/Ignore

Which do I choose?


Please run the following scan.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


Only one report was generated: OTL.txt (copy/paste: below)

OTL logfile created on: 12/29/2011 6:29:47 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bric\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 242.43 Mb Available Physical Memory | 47.41% Memory free

1.22 Gb Paging File | 0.89 Gb Available in Paging File | 72.72% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.88 Gb Total Space | 33.74 Gb Free Space | 60.38% Space Free | Partition Type: NTFS

Drive D: | 1.95 Gb Total Space | 1.71 Gb Free Space | 87.78% Space Free | Partition Type: FAT

Computer Name: USER-B3DD77A453 | User Name: Bric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 09:57:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bric\Desktop\OTL(1).exe

PRC - [2011/11/22 14:21:11 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011/11/22 14:20:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/11/22 14:20:44 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2011/11/22 14:20:42 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/11/22 14:20:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/11/21 02:18:06 | 000,901,800 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe

PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2009/06/04 23:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/22 14:20:57 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll

MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

MOD - [2007/04/02 07:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2011/11/22 14:20:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/11/22 14:20:44 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2011/11/22 14:20:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)

SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV - [2011/11/22 14:21:11 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/11/22 14:21:11 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011/11/22 14:21:10 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/02/25 17:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008/12/29 07:32:32 | 001,346,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)

DRV - [2008/12/10 13:56:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2007/12/16 01:24:28 | 000,196,480 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)

DRV - [2007/12/16 01:24:28 | 000,006,844 | ---- | M] (O2 Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)

DRV - [2007/06/27 07:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)

DRV - [2006/08/15 10:48:20 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

DRV - [2006/06/13 04:27:00 | 000,507,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-507921405-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=APN10023&gct=hp

IE - HKU\S-1-5-21-299502267-507921405-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-299502267-507921405-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FD 93 6F AC BD CC 01 [binary data]

IE - HKU\S-1-5-21-299502267-507921405-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=APN10023&gct=hp"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\crossriderapp435@crossrider.com: C:\Documents and Settings\All Users\Application Data\CodecCheck\firefox [2011/06/17 19:32:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/10 20:13:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/30 07:29:21 | 000,000,000 | ---D | M]

[2011/12/18 16:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bric\Application Data\Mozilla\Extensions

[2011/12/10 20:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/05/05 17:28:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/29 17:02:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKU\S-1-5-21-299502267-507921405-854245398-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-299502267-507921405-854245398-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-299502267-507921405-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-299502267-507921405-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-299502267-507921405-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ABA3AE1-AB78-4C79-AF34-8551BF06D29D}: DhcpNameServer = 65.32.5.111 65.32.5.112

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/10/11 04:25:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 10:04:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bric\Desktop\OTL(1).exe

[2011/12/30 08:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Local Settings\Application Data\Sun

[2011/12/30 07:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/12/30 07:29:21 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll

[2011/12/30 07:29:21 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2011/12/30 07:29:21 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2011/12/30 07:29:21 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2011/12/30 06:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\jdk1.7.0_02_combo

[2011/12/29 21:16:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/12/29 20:55:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2011/12/29 16:53:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/12/29 16:53:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bric\My Documents\My Videos

[2011/12/29 16:53:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bric\Start Menu\Programs\Administrative Tools

[2011/12/29 16:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Application Data\Malwarebytes

[2011/12/28 15:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Application Data\Adobe

[2011/12/28 15:55:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bric\IECompatCache

[2011/12/23 17:04:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bric\PrivacIE

[2011/12/23 16:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Application Data\MSNInstaller

[2011/12/18 16:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Local Settings\Application Data\Mozilla

[2011/12/18 16:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Application Data\Mozilla

[2011/12/18 16:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Application Data\Sun

[2011/12/18 12:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Application Data\Avira

[2011/12/18 12:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Application Data\SUPERAntiSpyware.com

[2011/12/18 12:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Local Settings\Application Data\AskToolbar

[2011/12/18 12:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Local Settings\Application Data\Apple Computer

[2011/12/18 12:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Application Data\Apple Computer

[2011/12/18 12:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Application Data\Epson

[2011/12/18 12:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Application Data\Identities

[2011/12/18 12:41:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bric\My Documents\My Pictures

[2011/12/18 12:41:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bric\My Documents\My Music

[2011/12/18 12:41:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bric\IETldCache

[2011/12/18 12:40:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Bric\Application Data\Microsoft

[2011/12/18 12:40:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bric\SendTo

[2011/12/18 12:40:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bric\Recent

[2011/12/18 12:40:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bric\Application Data

[2011/12/18 12:40:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bric\Start Menu\Programs\Startup

[2011/12/18 12:40:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bric\Start Menu

[2011/12/18 12:40:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bric\My Documents

[2011/12/18 12:40:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bric\Favorites

[2011/12/18 12:40:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bric\Start Menu\Programs\Accessories

[2011/12/18 12:40:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bric\Cookies

[2011/12/18 12:40:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bric\Templates

[2011/12/18 12:40:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bric\PrintHood

[2011/12/18 12:40:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bric\NetHood

[2011/12/18 12:40:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bric\Local Settings

[2011/12/18 12:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Local Settings\Application Data\Microsoft

[2011/12/18 12:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Application Data\Macromedia

[2011/12/18 12:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Desktop

[2011/12/18 12:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bric\Local Settings\Application Data\Adobe

[2011/12/18 04:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer

[2011/12/18 03:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/12/17 21:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/12/17 21:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/12/17 19:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Disney

[2011/12/15 15:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2011/12/15 15:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/12/15 15:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011/12/15 14:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira

[2011/12/15 14:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2011/12/15 14:43:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2011/12/15 14:43:37 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2011/12/15 14:43:37 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2011/12/15 14:43:37 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys

[2011/12/15 14:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/12/15 14:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2011/12/14 19:14:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Downloads

[2011/12/14 04:53:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sdtmp

[2011/12/13 19:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/12/13 19:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/12/13 19:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/12/06 20:21:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2011/12/06 18:50:35 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2011/12/05 19:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\AP Tuner

[2011/12/05 17:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Finale 2012

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 07:29:02 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2011/12/30 07:29:02 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2011/12/30 07:29:02 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2011/12/30 07:29:02 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2011/12/30 07:29:01 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll

[2011/12/30 07:29:01 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2011/12/29 21:02:57 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/12/29 18:36:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E348E54F-E4FD-4BD1-80A4-B97E47C9E348}.job

[2011/12/29 18:28:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/29 17:44:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011/12/29 17:02:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/12/29 16:30:13 | 000,013,216 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\xhjvql3i4yxp4ume2wny4f745o4j

[2011/12/29 12:41:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/27 18:55:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/12/23 09:57:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bric\Desktop\OTL(1).exe

[2011/12/18 12:41:40 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Bric\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/12/18 12:41:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Bric\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2011/12/15 15:05:54 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/12/15 14:45:05 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk

[2011/12/15 09:04:51 | 000,002,600 | ---- | M] () -- C:\xp_exe_fix.reg

[2011/12/15 04:44:42 | 000,017,106 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\173516x1g286j182n624q0xwd5b2

[2011/12/14 19:32:01 | 000,218,624 | ---- | M] (Xerox Imaging Systems) -- C:\WINDOWS\System32\SETUP.DLL

[2011/12/14 07:11:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/12/13 19:47:05 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/12/10 20:13:54 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/11/29 19:50:01 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/18 12:41:40 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Bric\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/12/18 12:41:40 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Bric\Start Menu\Programs\Internet Explorer.lnk

[2011/12/18 12:41:38 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Bric\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2011/12/18 12:41:22 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Bric\Start Menu\Programs\Outlook Express.lnk

[2011/12/18 12:40:37 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Bric\Start Menu\Programs\Remote Assistance.lnk

[2011/12/18 12:40:37 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Bric\Start Menu\Programs\Windows Media Player.lnk

[2011/12/17 21:44:43 | 000,013,216 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xhjvql3i4yxp4ume2wny4f745o4j

[2011/12/15 15:05:54 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/12/15 14:45:05 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk

[2011/12/15 14:44:45 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2011/12/13 19:47:05 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/12/10 20:13:54 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/12/10 20:13:54 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/12/06 18:21:50 | 000,017,106 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\173516x1g286j182n624q0xwd5b2

[2011/12/05 19:55:05 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E348E54F-E4FD-4BD1-80A4-B97E47C9E348}.job

[2011/09/12 21:32:30 | 000,019,120 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/05/22 21:44:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI

[2011/05/21 14:27:13 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat

[2011/05/21 14:27:13 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat

[2011/05/21 14:27:13 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat

[2011/05/21 14:27:13 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat

[2011/05/21 14:27:13 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat

[2011/05/21 14:27:13 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat

[2011/05/21 14:27:13 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat

[2011/05/21 14:27:13 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat

[2011/05/21 14:27:13 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat

[2011/05/21 14:27:13 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat

[2011/05/21 14:27:13 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat

[2011/05/21 14:27:13 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat

[2011/05/21 14:27:13 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat

[2011/05/21 14:27:13 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat

[2011/05/21 14:27:13 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat

[2011/05/21 14:27:13 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2011/05/21 14:25:34 | 000,000,089 | ---- | C] () -- C:\WINDOWS\EPWF610.ini

[2011/05/07 07:30:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/08/23 17:51:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/10/11 04:50:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/10/11 04:47:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2009/10/11 04:46:52 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2009/10/11 04:46:50 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2009/10/11 04:46:50 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2009/10/11 04:28:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/10/11 04:21:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/10/10 21:13:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/10/10 21:12:05 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/03 18:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/02 07:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2001/08/23 11:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 11:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/08/23 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/08/23 10:00:00 | 000,433,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/08/23 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/23 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/08/23 10:00:00 | 000,068,232 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/08/23 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/08/23 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/23 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


That all looks good. At this point how is your computer behaving? What problems do you still have (aside from internet issues)?

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

The internet was the only thing this computer was used for. I think that's the only thing. FSS.txt is copy/paste below:

Farbar Service Scanner

Ran by user (administrator) on 30-12-2011 at 04:44:05

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to retrieve start type of NetBt. The value does not exist.

Checking ImagePath: Attention! Unable to retrieve ImagePath of NetBt. The value does not exist.

Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error: Google IP is unreachable

Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(4) IPSec(6) irda(3) PSched(8) Tcpip(5)

0x080000000600000001000000020000000300000004000000050000000700000008000000

**** End of log ****


Hi again,

Let me know if the internet runs after the following steps (when done, restart your computer!).

BACKUP THE REGISTRY

---------------------------

Backup Your Registry with ERUNT

  • Please download Erunt
  • Run the setup program to install ERUNT on your computer

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We Need to Run a Registry Script

  1. Go to Start -> Run...
  2. Enter notepad in the Run dialog box.
  3. Press OK.
  4. Highlight the contents of the following codebox, and copy and paste that text into notepad.
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT]
    "Type"=dword:00000001
    "Start"=dword:00000001
    "ErrorControl"=dword:00000001
    "Tag"=dword:00000006
    "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
    52,00,49,00,56,00,45,00,52,00,53,00,5c,00,6e,00,65,00,74,00,62,00,74,00,2e,\
    00,73,00,79,00,73,00,00,00
    "DisplayName"="NetBios over Tcpip"
    "Group"="PNP_TDI"
    "DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
    "DependOnGroup"=hex(7):00,00
    "Description"="NetBios over Tcpip"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Linkage]
    "OtherDependencies"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
    "Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,\
    00,69,00,70,00,5f,00,7b,00,45,00,36,00,44,00,33,00,31,00,34,00,43,00,43,00,\
    2d,00,39,00,43,00,31,00,35,00,2d,00,34,00,35,00,46,00,46,00,2d,00,39,00,41,\
    00,39,00,43,00,2d,00,46,00,35,00,32,00,34,00,35,00,42,00,41,00,36,00,45,00,\
    41,00,42,00,37,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,\
    00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,31,00,35,00,37,00,34,00,42,00,\
    36,00,36,00,36,00,2d,00,39,00,34,00,30,00,45,00,2d,00,34,00,41,00,41,00,31,\
    00,2d,00,38,00,45,00,33,00,42,00,2d,00,33,00,31,00,30,00,32,00,44,00,44,00,\
    33,00,39,00,42,00,42,00,43,00,31,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,\
    00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,41,00,32,00,\
    37,00,34,00,44,00,35,00,42,00,38,00,2d,00,36,00,34,00,42,00,46,00,2d,00,34,\
    00,41,00,46,00,34,00,2d,00,39,00,43,00,45,00,31,00,2d,00,43,00,38,00,37,00,\
    34,00,35,00,31,00,31,00,38,00,41,00,35,00,36,00,32,00,7d,00,00,00,00,00
    "Route"=hex(7):22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,45,\
    00,36,00,44,00,33,00,31,00,34,00,43,00,43,00,2d,00,39,00,43,00,31,00,35,00,\
    2d,00,34,00,35,00,46,00,46,00,2d,00,39,00,41,00,39,00,43,00,2d,00,46,00,35,\
    00,32,00,34,00,35,00,42,00,41,00,36,00,45,00,41,00,42,00,37,00,7d,00,22,00,\
    00,00,22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,4e,00,64,00,69,\
    00,73,00,57,00,61,00,6e,00,49,00,70,00,22,00,00,00,00,00
    "Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,\
    00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,45,00,36,00,\
    44,00,33,00,31,00,34,00,43,00,43,00,2d,00,39,00,43,00,31,00,35,00,2d,00,34,\
    00,35,00,46,00,46,00,2d,00,39,00,41,00,39,00,43,00,2d,00,46,00,35,00,32,00,\
    34,00,35,00,42,00,41,00,36,00,45,00,41,00,42,00,37,00,7d,00,00,00,5c,00,44,\
    00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,\
    54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,31,00,35,00,37,00,34,00,42,00,36,\
    00,36,00,36,00,2d,00,39,00,34,00,30,00,45,00,2d,00,34,00,41,00,41,00,31,00,\
    2d,00,38,00,45,00,33,00,42,00,2d,00,33,00,31,00,30,00,32,00,44,00,44,00,33,\
    00,39,00,42,00,42,00,43,00,31,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,\
    63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,\
    00,70,00,5f,00,7b,00,41,00,32,00,37,00,34,00,44,00,35,00,42,00,38,00,2d,00,\
    36,00,34,00,42,00,46,00,2d,00,34,00,41,00,46,00,34,00,2d,00,39,00,43,00,45,\
    00,31,00,2d,00,43,00,38,00,37,00,34,00,35,00,31,00,31,00,38,00,41,00,35,00,\
    36,00,32,00,7d,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
    "NbProvider"="_tcp"
    "NameServerPort"=dword:00000089
    "CacheTimeout"=dword:000927c0
    "BcastNameQueryCount"=dword:00000003
    "BcastQueryTimeout"=dword:000002ee
    "NameSrvQueryCount"=dword:00000003
    "NameSrvQueryTimeout"=dword:000005dc
    "Size/Small/Medium/Large"=dword:00000001
    "SessionKeepAlive"=dword:0036ee80
    "TransportBindName"="\\Device\\"
    "EnableLMHOSTS"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{1574B666-940E-4AA1-8E3B-3102DD39BBC1}]
    "NameServerList"=hex(7):00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{A274D5B8-64BF-4AF4-9CE1-C8745118A562}]
    "NameServerList"=hex(7):00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}]
    "NameServerList"=hex(7):00,00
    "NetbiosOptions"=dword:00000000
    "DhcpNameServerList"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
    00,33,00,33,00,2e,00,32,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Security]
    "Security"=hex:01,00,14,80,e8,00,00,00,f4,00,00,00,14,00,00,00,30,00,00,00,02,\
    00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
    00,00,02,00,b8,00,08,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
    05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
    23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
    02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,25,02,\
    00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,14,\
    00,40,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00,00,00,14,00,40,00,00,00,\
    01,01,00,00,00,00,00,05,14,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,\
    00,00,05,20,00,00,00,2c,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
    00,00,00,00,00,05,12,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Enum]
    "0"="Root\\LEGACY_NETBT\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001


  5. Select File -> Save.
  6. Press the Desktop button on the left side of the save dialog.
  7. In the File name box, type in Fix.reg.
  8. Press Save.
  9. Close Notepad.
  10. Double click Fix.reg on your desktop.
  11. Press Yes, and then Ok, when prompted.
  12. Right click on Fix.reg and choose Delete.
  13. Press Yes.
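
Before importing a .reg script copied from a forum post, it is worth decoding its `hex(2)` and `hex(7)` values to see exactly what will be written. The parser below is an added example, not part of the original post or of any tool named in this thread; `parse_reg`, `service_summary` and `SAMPLE_REG` are hypothetical names, and the sample input is an excerpt of the Fix.reg script quoted above.

```python
import re

# Excerpt of the Fix.reg script from the post above (not the full script).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT]
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,6e,00,65,00,74,00,62,00,74,00,2e,\
00,73,00,79,00,73,00,00,00
"DisplayName"="NetBios over Tcpip"
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{E6D314CC-9C15-45FF-9A9C-F5245BA6EAB7}]
"NetbiosOptions"=dword:00000000
"DhcpNameServerList"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
00,33,00,33,00,2e,00,32,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Enum]
"0"="Root\\LEGACY_NETBT\\0000"
"""

# Meaning of the "Start" DWORD under a Services key.
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

# A value line is  "name"=data  or  @=data  (default value).
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _join_continuations(text):
    """Merge lines ending in a backslash (continued hex data) into one logical line."""
    logical, pending = [], ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        logical.append(pending + line)
        pending = ""
    if pending:
        raise ValueError("file ends inside a continued hex value")
    return logical


def _decode(data):
    """Decode one value in 'Version 5.00' syntax, where hex(2)/hex(7) hold UTF-16LE text."""
    if data == "-":                                  # "name"=-  deletes the value
        return None
    if data.startswith('"') and data.endswith('"') and len(data) >= 2:
        return re.sub(r"\\(.)", r"\1", data[1:-1])   # undo \\ and \" escapes
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", data)
    if m is None:
        raise ValueError(f"unsupported value syntax: {data!r}")
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3  # plain hex: is REG_BINARY
    if kind in (1, 2):                               # REG_SZ / REG_EXPAND_SZ
        return raw.decode("utf-16-le").rstrip("\x00")
    if kind == 7:                                    # REG_MULTI_SZ
        return [s for s in raw.decode("utf-16-le").split("\x00") if s]
    return raw


def parse_reg(text):
    """Return {key path: {value name: decoded value}} for a version 5.00 .reg file."""
    lines = _join_continuations(text)
    if not lines or lines[0] != "Windows Registry Editor Version 5.00":
        raise ValueError("not a version 5.00 .reg file")
    keys, current = {}, None
    for line in lines[1:]:
        if not line or line.startswith(";"):         # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            raise ValueError(f"unparseable line: {line!r}")
        name = "" if m.group(1) == "@" else _decode(m.group(1))
        current[name] = _decode(m.group(2))
    return keys


def service_summary(keys):
    """Map each service key that sets Start to (start type, ImagePath) for quick review."""
    out = {}
    for key, values in keys.items():
        m = re.search(r"\\Services\\([^\\]+)$", key)
        if m and "Start" in values:
            start = START_TYPES.get(values["Start"], "unknown")
            out[m.group(1)] = (start, values.get("ImagePath"))
    return out


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for key, values in parsed.items():
        print(key)
        for name, value in values.items():
            print(f"    {name or '(Default)'} = {value!r}")
    print(service_summary(parsed))
```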

Ok, completed that. When I try connecting to internet, it is still saying 'acquiring network address'?? Will not let me connect.??


Can you please rerun FSS and post me the new log?

Have you restarted your computer and tried again? If not, please do so.

I just tried 'repair' internet connection: Bottom right screen, computer icon has a yellow dot floating back/forth, while box in middle of screen {Repair Wireless Network Connection} says 'Windows is taking the following action: Renewing your IP address'...............and it stays stuck here. Yes, last night I did restart the computer and again this morning.

The following is new FSS.txt:

Farbar Service Scanner

Ran by Bric (administrator) on 31-12-2011 at 06:00:25

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:

The start type of NetBt service is OK.

The ImagePath of NetBt service is OK.

Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error: Google IP is unreachable

Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(4) IPSec(6) irda(3) NetBT(6) PSched(8) Tcpip(5)

0x080000000600000001000000020000000300000004000000050000000700000008000000

**** End of log ****


Please do the following and let me know if things are improved after a reboot.

Be sure to back up your registry with ERUNT before proceeding!

We Need to Run a Registry Script

  1. Go to Start -> Run...
  2. Enter notepad in the Run dialog box.
  3. Press OK.
  4. Highlight the contents of the following codebox, and copy and paste that text into notepad.
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETBT]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETBT\0000]
    "Service"="NetBT"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="NetBios over Tcpip"
    "Capabilities"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETBT\0000\LogConf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETBT\0000\Control]
    "ActiveService"="NetBT"




  5. Select File -> Save.
  6. Press the Desktop button on the left side of the save dialog.
  7. In the File name box, type in Fix.reg.
  8. Press Save.
  9. Close Notepad.
  10. Double click Fix.reg on your desktop.
  11. Press Yes, and then Ok, when prompted.
  12. Right click on Fix.reg and choose Delete.
  13. Press Yes.


Try this:

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETBT]
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETBT\0000]
"Service"="NetBT"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="NetBios over Tcpip"
"Capabilities"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETBT\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETBT\0000\Control]
"ActiveService"="NetBT"

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Before combofix ran, it stated this was outdated and would be run in reduced form. Here is log:

ComboFix 11-12-27.01 - Bric 01/02/2012 8:57.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.240 [GMT -5:00]

Running from: c:\documents and settings\Bric\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Bric\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- REDUCED FUNCTIONALITY MODE -

.

.

((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))

.

.

2011-12-18 22:21 . 2011-12-29 16:59 -------- d-----w- c:\documents and settings\Guest

2011-12-18 17:40 . 2012-01-02 02:40 -------- d-----w- c:\documents and settings\Bric

2011-12-18 09:02 . 2011-12-18 09:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-12-18 00:15 . 2011-12-18 00:15 -------- d-----w- c:\program files\Disney

2011-12-15 20:05 . 2011-12-16 19:35 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-15 20:05 . 2011-12-15 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-12-15 19:44 . 2011-12-15 19:44 -------- d-----w- c:\program files\Ask.com

2011-12-15 19:43 . 2011-11-22 19:21 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-15 19:43 . 2011-11-22 19:21 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-12-15 19:43 . 2011-11-22 19:21 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-15 19:43 . 2011-12-15 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-12-15 19:43 . 2011-12-15 19:43 -------- d-----w- c:\program files\Avira

2011-12-15 00:14 . 2011-12-15 00:14 -------- d-----w- c:\windows\system32\Downloads

2011-12-14 09:53 . 2011-12-14 10:16 -------- d-----w- c:\windows\system32\sdtmp

2011-12-14 00:45 . 2011-12-14 00:45 -------- d-----w- c:\program files\iPod

2011-12-14 00:45 . 2011-12-14 00:47 -------- d-----w- c:\program files\iTunes

2011-12-07 01:21 . 2011-12-07 01:21 -------- d-----w- c:\windows\system32\LogFiles

2011-12-06 23:47 . 2011-12-29 18:58 -------- d-----w- c:\documents and settings\Administrator

2011-12-06 00:55 . 2011-12-06 00:55 -------- d-sh--w- c:\documents and settings\user\IECompatCache

2011-12-06 00:03 . 2011-12-06 23:36 -------- d-----w- c:\program files\AP Tuner

2011-12-05 22:34 . 2011-12-05 22:34 -------- d-----w- c:\program files\Finale 2012

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-30 12:29 . 2010-12-28 19:44 141312 ----a-w- c:\windows\system32\javacpl.cpl

2011-12-30 12:29 . 2010-12-28 19:44 567184 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-15 14:04 . 2002-02-27 19:12 2600 ----a-w- C:\xp_exe_fix.reg

2011-12-15 00:32 . 1998-12-10 17:33 218624 ----a-w- c:\windows\system32\SETUP.DLL

2011-12-14 12:11 . 2011-06-17 23:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-10 14:22 . 2009-10-11 09:22 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-11-21 04:04 . 2011-12-11 01:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-11-21 07:18 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-11-21 901800]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-11-22 258512]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]

.

c:\documents and settings\Bric\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/15/2011 2:43 PM 36000]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/15/2011 2:43 PM 86224]

R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/15/2011 2:43 PM 463824]

R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [10/11/2009 4:42 AM 196480]

S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [10/11/2009 4:42 AM 6844]

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-01-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2011-11-21 07:18]

.

2012-01-02 c:\windows\Tasks\User_Feed_Synchronization-{E348E54F-E4FD-4BD1-80A4-B97E47C9E348}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

FF - ProfilePath - c:\documents and settings\Bric\Application Data\Mozilla\Firefox\Profiles\7rtrtptl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-02 09:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\$NtUninstallKB10197$:SummaryInformation 0 bytes hidden from API

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(784)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(840)

c:\program files\Avira\AntiVir Desktop\avsda.dll

.

- - - - - - - > 'explorer.exe'(2276)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2012-01-02 09:02:37

ComboFix-quarantined-files.txt 2012-01-02 14:02

.

Pre-Run: 35,906,244,608 bytes free

Post-Run: 35,902,795,776 bytes free

.

- - End Of File - - C6631F1E100FCED2CA752804C26AADA5


Does the internet work now (after a reboot)? If not, post me a new FSS log.

My laptop, which I was using to 'heal' the bad one, is now having the same issue with the internet connection: "Acquiring Network Address", nothing else. Today I am on a borrowed desktop, which I don't want to endanger. I used my laptop to check the flash drive for viruses. It showed a file d:/zb4meta.info. I deleted it from the flash drive. Where can I go from here? The desktop is my mom's and I'm afraid to use the flash drive on her computer because I don't want to infect another computer.



PS: I have ERUNT installed on my laptop and it does have daily backups on it; however, I don't know how to restore?

