jennifergib7

Honorary Members
  • Posts

    99

Everything posted by jennifergib7

  1. This is a list from the laptop event viewer, does this tell you anything?

     ==== Event Viewer Messages From Past Week ========
     .
     1/9/2012 9:02:29 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
     1/9/2012 9:02:29 PM, error: Service Control Manager [7000] - The NetBios over Tcpip service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
     1/9/2012 8:29:28 AM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.
     1/9/2012 6:55:39 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
     1/9/2012 6:55:39 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
     1/7/2012 6:52:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: NetBT
     1/12/2012 8:40:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
     1/12/2012 8:37:37 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr Fips intelppm NetBT SASDIFSV SASKUTIL ssmdrv
     1/12/2012 8:37:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
     .
     ==== End Of File ===========================
  2. Neither one of my laptops has CD burners.....
  3. I did not get an error message so I assume it worked. It asked if I wanted to add this to the registry, and I clicked yes.
  4. Here is the new FSS log:

     Farbar Service Scanner
     Ran by Bric (administrator) on 11-01-2012 at 10:16:52
     Microsoft Windows XP Professional Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============
     Dhcp Service is not running. Checking service configuration:
     The start type of Dhcp service is OK.
     The ImagePath of Dhcp service is OK.
     The ServiceDll of Dhcp service is OK.

     NetBt Service is not running. Checking service configuration:
     The start type of NetBt service is OK.
     The ImagePath of NetBt service is OK.

     Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.

     Connection Status:
     ==============
     Localhost is accessible.
     There is no connection to network.
     Attempt to access Google IP returned error: Google IP is unreachable
     Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

     Windows Firewall:
     =============
     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall"=DWORD:0

     System Restore:
     ============
     System Restore Disabled Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ===========

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\srsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
     C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
     C:\WINDOWS\system32\qmgr.dll => MD5 is legit
     C:\WINDOWS\system32\es.dll => MD5 is legit
     C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll => MD5 is legit
     C:\WINDOWS\system32\services.exe => MD5 is legit

     Extra List:
     =======
     Gpc(4) IPSec(6) irda(3) NetBT(6) PSched(8) Tcpip(5)
     0x080000000600000001000000020000000300000004000000050000000700000008000000

     **** End of log ****
  5. While waiting, I went to smartestcomputing.us.com and downloaded registry network keys for XP. I merged the file netbt.reg, but to no avail; I still don't have internet.....
  6. FSS log followed:

     Farbar Service Scanner
     Ran by Bric (administrator) on 11-01-2012 at 07:46:13
     Microsoft Windows XP Professional Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============
     Dhcp Service is not running. Checking service configuration:
     The start type of Dhcp service is OK.
     The ImagePath of Dhcp service is OK.
     The ServiceDll of Dhcp service is OK.

     NetBt Service is not running. Checking service configuration:
     The start type of NetBt service is OK.
     The ImagePath of NetBt service is OK.

     Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.

     Connection Status:
     ==============
     Localhost is accessible.
     There is no connection to network.
     Attempt to access Google IP returned error: Google IP is unreachable
     Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

     Windows Firewall:
     =============
     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall"=DWORD:0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall"=DWORD:0

     System Restore:
     ============
     System Restore Disabled Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ===========

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\srsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
     C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
     C:\WINDOWS\system32\qmgr.dll => MD5 is legit
     C:\WINDOWS\system32\es.dll => MD5 is legit
     C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll => MD5 is legit
     C:\WINDOWS\system32\services.exe => MD5 is legit

     Extra List:
     =======
     Gpc(4) IPSec(6) irda(3) NetBT(6) PSched(8) Tcpip(5)
     0x080000000600000001000000020000000300000004000000050000000700000008000000

     **** End of log ****
  7. Still no internet. CFScript below, I will now run FSS log and post next. ComboFix 12-01-10.02 - Bric 01/11/2012 7:16.6.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.133 [GMT -5:00] Running from: D:\ComboFix.exe AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 ))))))))))))))))))))))))))))))) . . 2012-01-10 00:08 . 2012-01-10 00:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-10 00:08 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-30 22:00 . 2011-12-30 22:01 -------- d-----w- c:\program files\ERUNT 2011-12-30 12:29 . 2011-12-30 12:29 -------- d-----w- c:\program files\Common Files\Java 2011-12-30 12:29 . 2011-12-30 12:29 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2011-12-30 02:08 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll 2011-12-29 19:53 . 2011-12-29 19:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-12-29 18:01 . 2011-12-29 18:01 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache 2011-12-29 17:43 . 2011-12-29 17:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira 2011-12-29 17:32 . 2011-12-29 17:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2011-12-18 22:21 . 2011-12-29 16:59 -------- d-----w- c:\documents and settings\Guest 2011-12-18 17:40 . 2012-01-10 18:56 -------- d-----w- c:\documents and settings\Bric 2011-12-18 09:02 . 2011-12-18 09:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer 2011-12-18 00:15 . 2011-12-18 00:15 -------- d-----w- c:\program files\Disney 2011-12-15 20:05 . 
2011-12-16 19:35 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-12-15 20:05 . 2011-12-15 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-12-15 19:44 . 2011-12-15 19:44 -------- d-----w- c:\program files\Ask.com 2011-12-15 19:43 . 2011-11-22 19:21 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-12-15 19:43 . 2011-11-22 19:21 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-12-15 19:43 . 2011-11-22 19:21 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-12-15 19:43 . 2011-12-15 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-12-15 19:43 . 2011-12-15 19:43 -------- d-----w- c:\program files\Avira 2011-12-15 00:14 . 2011-12-15 00:14 -------- d-----w- c:\windows\system32\Downloads 2011-12-14 09:53 . 2011-12-14 10:16 -------- d-----w- c:\windows\system32\sdtmp 2011-12-14 00:45 . 2011-12-14 00:45 -------- d-----w- c:\program files\iPod 2011-12-14 00:45 . 2011-12-14 00:47 -------- d-----w- c:\program files\iTunes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 12:29 . 2010-12-28 19:44 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-12-30 12:29 . 2010-12-28 19:44 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-12-15 14:04 . 2002-02-27 19:12 2600 ----a-w- C:\xp_exe_fix.reg 2011-12-15 00:32 . 1998-12-10 17:33 218624 ----a-w- c:\windows\system32\SETUP.DLL 2011-12-14 12:11 . 2011-06-17 23:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-11-21 04:04 . 2011-12-11 01:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-09_12.40.04 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2012-01-11 11:42 . 2012-01-11 11:42 16384 c:\windows\Temp\Perflib_Perfdata_fc.dat + 2012-01-11 11:44 . 2012-01-11 11:44 208896 c:\windows\ERDNT\AutoBackup\1-11-2012\Users\00000002\UsrClass.dat + 2012-01-11 11:44 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\1-11-2012\ERDNT.EXE + 2012-01-10 08:57 . 2012-01-10 08:57 208896 c:\windows\ERDNT\AutoBackup\1-10-2012\Users\00000002\UsrClass.dat + 2012-01-10 08:57 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\1-10-2012\ERDNT.EXE + 2012-01-11 11:45 . 2012-01-11 11:45 208896 c:\windows\ERDNT\1-11-2012\Users\00000002\UsrClass.dat + 2012-01-11 11:45 . 2005-10-20 17:02 163328 c:\windows\ERDNT\1-11-2012\ERDNT.EXE + 2012-01-11 11:44 . 2012-01-11 11:44 1372160 c:\windows\ERDNT\AutoBackup\1-11-2012\Users\00000001\NTUSER.DAT + 2012-01-10 08:57 . 2012-01-10 08:57 1372160 c:\windows\ERDNT\AutoBackup\1-10-2012\Users\00000001\NTUSER.DAT + 2012-01-11 11:45 . 2012-01-11 11:45 1372160 c:\windows\ERDNT\1-11-2012\Users\00000001\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-11-21 07:18 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688] . 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-11-21 901800] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-11-22 258512] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872] . c:\documents and settings\Bric\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"= "c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . 
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/15/2011 2:43 PM 36000] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/15/2011 2:43 PM 86224] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/9/2012 7:08 PM 652872] R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [10/11/2009 4:42 AM 196480] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/9/2012 7:08 PM 20464] S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/15/2011 2:43 PM 463824] S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [10/11/2009 4:42 AM 6844] . Contents of the 'Scheduled Tasks' folder . 2011-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 2012-01-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2011-11-21 07:18] . 2012-01-11 c:\windows\Tasks\User_Feed_Synchronization-{E348E54F-E4FD-4BD1-80A4-B97E47C9E348}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 FF - ProfilePath - c:\documents and settings\Bric\Application Data\Mozilla\Firefox\Profiles\7rtrtptl.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-11 07:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(780) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(684) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2012-01-11 07:27:08 ComboFix-quarantined-files.txt 2012-01-11 12:27 ComboFix2.txt 2012-01-09 21:38 . Pre-Run: 35,596,480,512 bytes free Post-Run: 35,581,743,104 bytes free . - - End Of File - - 6A543450C2C2F7ED6F81931AB8DF79FD
  8. Yes, once I completed the combofix yesterday I then ran combofix again. Still no internet.
  9. FSS.txt as follows:

     Farbar Service Scanner
     Ran by Bric (administrator) on 10-01-2012 at 03:58:09
     Microsoft Windows XP Professional Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============
     Dhcp Service is not running. Checking service configuration:
     The start type of Dhcp service is OK.
     The ImagePath of Dhcp service is OK.
     The ServiceDll of Dhcp service is OK.

     NetBt Service is not running. Checking service configuration:
     The start type of NetBt service is OK.
     The ImagePath of NetBt service is OK.

     Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist.

     Connection Status:
     ==============
     Localhost is accessible.
     There is no connection to network.
     Attempt to access Google IP returned error: Google IP is unreachable
     Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

     Windows Firewall:
     =============
     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall"=DWORD:0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall"=DWORD:0

     System Restore:
     ============
     System Restore Disabled Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ===========

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\srsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
     C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
     C:\WINDOWS\system32\qmgr.dll => MD5 is legit
     C:\WINDOWS\system32\es.dll => MD5 is legit
     C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll => MD5 is legit
     C:\WINDOWS\system32\services.exe => MD5 is legit

     Extra List:
     =======
     Gpc(4) IPSec(6) irda(3) NetBT(6) PSched(8) Tcpip(5)
     0x080000000600000001000000020000000300000004000000050000000700000008000000

     **** End of log ****
  10. failed to download required files because 'no internet connection'.....'shall continue scanning for malware'. ComboFix - Zero Access {You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason that you're unable to to connect to the internet after running ComboFix, reboot and see if that fixes it. If it's not fixed, run ComboFix, one more time.} ROOTKIT {Rootkit is detected Be patient as this may take a few moments} Combofix requested to reboot computer. (7:29 am) ComboFix preparing to run.... PC rebooted second time (7:38am) ComboFix - Find3M {Preparing Log Report} LOG REPORT: ComboFix 12-01-09.02 - Bric 01/09/2012 7:29.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.195 [GMT -5:00] Running from: c:\documents and settings\Bric\Desktop\ComboFix.exe Command switches used :: D:\CFScript.txt AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\windows\$NtUninstallKB10197$ c:\windows\$NtUninstallKB10197$\1610381353\@ c:\windows\$NtUninstallKB10197$\1610381353\bckfg.tmp c:\windows\$NtUninstallKB10197$\1610381353\cfg.ini c:\windows\$NtUninstallKB10197$\1610381353\Desktop.ini c:\windows\$NtUninstallKB10197$\1610381353\keywords c:\windows\$NtUninstallKB10197$\1610381353\kwrd.dll c:\windows\$NtUninstallKB10197$\1610381353\L\ykxhorlo c:\windows\$NtUninstallKB10197$\1610381353\lsflt7.ver c:\windows\$NtUninstallKB10197$\1610381353\U\00000001.@ c:\windows\$NtUninstallKB10197$\1610381353\U\00000002.@ c:\windows\$NtUninstallKB10197$\1610381353\U\00000004.@ c:\windows\$NtUninstallKB10197$\1610381353\U\80000000.@ c:\windows\$NtUninstallKB10197$\1610381353\U\80000004.@ c:\windows\$NtUninstallKB10197$\1610381353\U\80000032.@ c:\windows\$NtUninstallKB10197$\659631011 . . ((((((((((((((((((((((((( Files Created from 2011-12-09 to 2012-01-09 ))))))))))))))))))))))))))))))) . . 2011-12-29 19:53 . 2011-12-29 19:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-12-29 18:01 . 2011-12-29 18:01 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache 2011-12-29 17:43 . 2011-12-29 17:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira 2011-12-29 17:32 . 2011-12-29 17:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2011-12-18 22:21 . 2011-12-29 16:59 -------- d-----w- c:\documents and settings\Guest 2011-12-18 17:40 . 2012-01-09 12:37 -------- d-----w- c:\documents and settings\Bric 2011-12-18 09:02 . 2011-12-18 09:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer 2011-12-18 00:15 . 2011-12-18 00:15 -------- d-----w- c:\program files\Disney 2011-12-15 20:05 . 2011-12-16 19:35 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-12-15 20:05 . 
2011-12-15 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-12-15 19:44 . 2011-12-15 19:44 -------- d-----w- c:\program files\Ask.com 2011-12-15 19:43 . 2011-11-22 19:21 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-12-15 19:43 . 2011-11-22 19:21 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-12-15 19:43 . 2011-11-22 19:21 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-12-15 19:43 . 2011-12-15 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-12-15 19:43 . 2011-12-15 19:43 -------- d-----w- c:\program files\Avira 2011-12-15 00:14 . 2011-12-15 00:14 -------- d-----w- c:\windows\system32\Downloads 2011-12-14 09:53 . 2011-12-14 10:16 -------- d-----w- c:\windows\system32\sdtmp 2011-12-14 00:45 . 2011-12-14 00:45 -------- d-----w- c:\program files\iPod 2011-12-14 00:45 . 2011-12-14 00:47 -------- d-----w- c:\program files\iTunes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 12:29 . 2010-12-28 19:44 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-12-30 12:29 . 2010-12-28 19:44 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-12-15 14:04 . 2002-02-27 19:12 2600 ----a-w- C:\xp_exe_fix.reg 2011-12-15 00:32 . 1998-12-10 17:33 218624 ----a-w- c:\windows\system32\SETUP.DLL 2011-12-14 12:11 . 2011-06-17 23:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-11-21 04:04 . 2011-12-11 01:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-11-21 07:18 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-11-21 901800] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-11-22 258512] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] . c:\documents and settings\Bric\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"= "c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/15/2011 2:43 PM 36000] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/15/2011 2:43 PM 86224] R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [10/11/2009 4:42 AM 196480] S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/15/2011 2:43 PM 463824] S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [10/11/2009 4:42 AM 6844] . Contents of the 'Scheduled Tasks' folder . 2011-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 2012-01-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2011-11-21 07:18] . 
2012-01-09 c:\windows\Tasks\User_Feed_Synchronization-{E348E54F-E4FD-4BD1-80A4-B97E47C9E348}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 FF - ProfilePath - c:\documents and settings\Bric\Application Data\Mozilla\Firefox\Profiles\7rtrtptl.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-09 07:40 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(520) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(884) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . 
Completion time: 2012-01-09 07:45:04 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-09 12:45 . Pre-Run: 35,744,354,304 bytes free Post-Run: 35,747,368,960 bytes free . - - End Of File - - B8C215E42EB0460A31515C22147CAD1B
  11. Yes, I had done that earlier and I was going to do it again just now, except when I go to 'restore' it doesn't let me go back any farther than Dec. 29 2011? And the internet issue started before that.
  12. We bought this laptop used and we've had it about 2-3 years. Everything on it was preloaded so we don't have any disks.
  13. No, I still have a yellow floating dot on the internet connection icon on the bottom right of the screen. I click on repair and it goes through disabling/enabling then renewing IP address, and stays there........
  14. Oops....clicked on the infected user ID, and while loading Windows it stated 'cannot reconnect all drivers'....could this have anything to do with why this laptop cannot connect to the internet?
  15. Below is the FSS.txt from the original computer. It seems okay now with the exception of 'unable to connect to the internet'. Please advise. Farbar Service Scanner Ran by Bric (administrator) on 06-01-2012 at 17:11:59 Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is OK. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. NetBt Service is not running. Checking service configuration: The start type of NetBt service is OK. The ImagePath of NetBt service is OK. Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist. Connection Status: ============== Localhost is accessible. There is no connection to network. Attempt to access Google IP returned error: Google IP is unreachable Attempt to access Yahoo IP returend error: Yahoo IP is unreachable Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\srsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit 
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit Extra List: ======= Gpc(4) IPSec(6) irda(3) NetBT(6) PSched(8) Tcpip(5) 0x080000000600000001000000020000000300000004000000050000000700000008000000 **** End of log ****
  16. I appreciate you helping me. We are traveling today/tomorrow, will you please leave this post open? I will send you a PM when I get back home and we can resume with the FSS log on the original computer, Friday, 1/6/12.
  17. Now I have two laptops without internet connection.
  18. PS I have ERUNT installed on my laptop and it does have daily back-ups on it; however I don't know how to restore??
  19. My laptop, which I was using to 'heal' the bad one, is now having the same issue with the internet connection. "Acquiring Network Address", nothing else. Today I am on a borrowed desktop, which I don't want to endanger. I used my laptop to check the flash drive for viruses. It showed a file d:/zb4meta.info. I deleted it from the flash drive. Where can I go from here? The desktop is my mom's and I'm afraid to use the flash drive on her computer because I don't want to infect another computer.
  20. Before combofix ran, it stated this was outdated and would be run in reduced form. Here is log: ComboFix 11-12-27.01 - Bric 01/02/2012 8:57.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.240 [GMT -5:00] Running from: c:\documents and settings\Bric\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Bric\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 ))))))))))))))))))))))))))))))) . . 2011-12-18 22:21 . 2011-12-29 16:59 -------- d-----w- c:\documents and settings\Guest 2011-12-18 17:40 . 2012-01-02 02:40 -------- d-----w- c:\documents and settings\Bric 2011-12-18 09:02 . 2011-12-18 09:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer 2011-12-18 00:15 . 2011-12-18 00:15 -------- d-----w- c:\program files\Disney 2011-12-15 20:05 . 2011-12-16 19:35 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-12-15 20:05 . 2011-12-15 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-12-15 19:44 . 2011-12-15 19:44 -------- d-----w- c:\program files\Ask.com 2011-12-15 19:43 . 2011-11-22 19:21 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-12-15 19:43 . 2011-11-22 19:21 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-12-15 19:43 . 2011-11-22 19:21 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-12-15 19:43 . 2011-12-15 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-12-15 19:43 . 2011-12-15 19:43 -------- d-----w- c:\program files\Avira 2011-12-15 00:14 . 2011-12-15 00:14 -------- d-----w- c:\windows\system32\Downloads 2011-12-14 09:53 . 
2011-12-14 10:16 -------- d-----w- c:\windows\system32\sdtmp 2011-12-14 00:45 . 2011-12-14 00:45 -------- d-----w- c:\program files\iPod 2011-12-14 00:45 . 2011-12-14 00:47 -------- d-----w- c:\program files\iTunes 2011-12-07 01:21 . 2011-12-07 01:21 -------- d-----w- c:\windows\system32\LogFiles 2011-12-06 23:47 . 2011-12-29 18:58 -------- d-----w- c:\documents and settings\Administrator 2011-12-06 00:55 . 2011-12-06 00:55 -------- d-sh--w- c:\documents and settings\user\IECompatCache 2011-12-06 00:03 . 2011-12-06 23:36 -------- d-----w- c:\program files\AP Tuner 2011-12-05 22:34 . 2011-12-05 22:34 -------- d-----w- c:\program files\Finale 2012 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 12:29 . 2010-12-28 19:44 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-12-30 12:29 . 2010-12-28 19:44 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-12-15 14:04 . 2002-02-27 19:12 2600 ----a-w- C:\xp_exe_fix.reg 2011-12-15 00:32 . 1998-12-10 17:33 218624 ----a-w- c:\windows\system32\SETUP.DLL 2011-12-14 12:11 . 2011-06-17 23:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-10 14:22 . 2009-10-11 09:22 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-11-21 04:04 . 2011-12-11 01:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-11-21 07:18 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-21 1515688] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-11-21 901800] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-11-22 258512] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] . 
c:\documents and settings\Bric\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"= "c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . 
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/15/2011 2:43 PM 36000] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/15/2011 2:43 PM 86224] R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/15/2011 2:43 PM 463824] R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [10/11/2009 4:42 AM 196480] S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [10/11/2009 4:42 AM 6844] . Contents of the 'Scheduled Tasks' folder . 2011-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 2012-01-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2011-11-21 07:18] . 2012-01-02 c:\windows\Tasks\User_Feed_Synchronization-{E348E54F-E4FD-4BD1-80A4-B97E47C9E348}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 FF - ProfilePath - c:\documents and settings\Bric\Application Data\Mozilla\Firefox\Profiles\7rtrtptl.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-02 09:00 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . 
c:\windows\$NtUninstallKB10197$:SummaryInformation 0 bytes hidden from API . scan completed successfully hidden files: 1 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(784) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(840) c:\program files\Avira\AntiVir Desktop\avsda.dll . - - - - - - - > 'explorer.exe'(2276) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2012-01-02 09:02:37 ComboFix-quarantined-files.txt 2012-01-02 14:02 . Pre-Run: 35,906,244,608 bytes free Post-Run: 35,902,795,776 bytes free . - - End Of File - - C6631F1E100FCED2CA752804C26AADA5
  21. Gave me same Registry Editor: Cannot import C:Documents and Settings\Administrator\Desktop\Fix.reg:Error accessing the registry.
  22. Once I double clicked the fix.reg, I then clicked 'yes' to add info to C:\Documents and Settings\Bric\Desktop\Fix.reg to the registry. New box {Registry Editor} 'Cannot import C:\Documents and Settings\Bric\Desktop\Fix.reg: Error accessing the registry.' I guess it won't let me??
  23. I just tried 'repair' internet connection: Bottom right screen, computer icon has a yellow dot floating back/forth, while box in middle of screen {Repair Wireless Network Connection} says 'Windows is taking the following action: Renewing your IP address'...............and it stays stuck here. Yes, last night I did restart the computer and again this morning. The following is new FSS.txt: Farbar Service Scanner Ran by Bric (administrator) on 31-12-2011 at 06:00:25 Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is OK. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. NetBt Service is not running. Checking service configuration: The start type of NetBt service is OK. The ImagePath of NetBt service is OK. Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist. Connection Status: ============== Localhost is accessible. There is no connection to network. 
Attempt to access Google IP returned error: Google IP is unreachable Attempt to access Yahoo IP returend error: Yahoo IP is unreachable Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=DWORD:0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\srsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit Extra List: ======= Gpc(4) IPSec(6) irda(3) NetBT(6) PSched(8) Tcpip(5) 0x080000000600000001000000020000000300000004000000050000000700000008000000 **** End of log ****
  24. Ok, completed that. When I try connecting to internet, it is still saying 'acquiring network address'?? Will not let me connect.??
  25. The internet was the only thing this computer was used for. I think that's the only thing. FSS.txt is copy/paste below: Farbar Service Scanner Ran by user (administrator) on 30-12-2011 at 04:44:05 Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is OK. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. NetBt Service is not running. Checking service configuration: Checking Start type: Attention! Unable to retrieve start type of NetBt. The value does not exist. Checking ImagePath: Attention! Unable to retrieve ImagePath of NetBt. The value does not exist. Checking LEGACY_NetBt: Attention! Unable to open LEGACY_NetBt\0000 registry key. The key does not exist. Connection Status: ============== Localhost is accessible. There is no connection to network. 
Attempt to access Google IP returned error: Google IP is unreachable Attempt to access Yahoo IP returend error: Yahoo IP is unreachable Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=DWORD:0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\srsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit Extra List: ======= Gpc(4) IPSec(6) irda(3) PSched(8) Tcpip(5) 0x080000000600000001000000020000000300000004000000050000000700000008000000 **** End of log ****