
Missing Network Connections as well as Internet



PC running Windows XP SP2 needs help. Ran Malwarebytes quick scan and full scan and didn't catch anything.

 

Here are the logs:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Carmen garcia at 13:28:06 on 2013-07-31
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.3070.2620 [GMT -5:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Documents and Settings\Carmen garcia\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Documents and Settings\Carmen garcia\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.


uProxyOverride = 127.0.0.1:9421;<local>


dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [Akamai NetSession Interface] "c:\documents and settings\carmen garcia\local settings\application data\akamai\netsession_win.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe



Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {DBA81933-E3F4-4695-A2E7-1426A23C914E} - c:\program files\bentley\geopak\v8.11\bin\MXUserReg.EXE
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\carmen garcia\application data\mozilla\firefox\profiles\6h6h2xlu.default\

FF - prefs.js: browser.search.selectedEngine - InternetHelper3.1 Customized Web Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-07-17 13:43; {07cbf788-1359-421b-a4e3-5a8d041b90a3}; c:\documents and settings\carmen garcia\application data\mozilla\firefox\profiles\6h6h2xlu.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
FF - ExtSQL: 2013-07-26 12:45; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\carmen garcia\application data\mozilla\firefox\profiles\6h6h2xlu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.BabylonToolbar.id - a8adafaa0000000000000019b92f6422
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15660
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.811:00:37
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-25 418376]
R2 Transoft Solutions License Server V1.7;Transoft Solutions License Server V1.7;c:\program files\transoft solutions\license server\TransoftLS.exe [2012-10-10 446464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-25 701512]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 1025352]
S3 DgnIndexingService;Bentley Dgn Index Service;c:\program files\common files\bentley shared\dgn  index service\DgnIndexServer.exe [2012-4-13 137728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-25 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-07-31 13:16:42    98816    ----a-w-    c:\windows\sed.exe
2013-07-31 13:16:42    256000    ----a-w-    c:\windows\PEV.exe
2013-07-31 13:16:42    208896    ----a-w-    c:\windows\MBR.exe
2013-07-30 19:36:35    96640    ----a-w-    c:\windows\system32\drivers\b57xp32.sys
2013-07-30 14:40:07    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-07-25 12:53:49    --------    d-----w-    c:\documents and settings\carmen garcia\application data\Malwarebytes
2013-07-25 12:53:36    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-25 12:53:36    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-25 12:53:36    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-07-17 18:45:29    --------    d-----w-    c:\program files\MyPC Backup
2013-07-17 18:44:08    --------    d-----w-    c:\program files\Conduit
2013-07-17 18:43:48    --------    d-----w-    c:\documents and settings\carmen garcia\local settings\application data\CRE
2013-07-17 18:43:47    --------    d-----w-    c:\documents and settings\carmen garcia\local settings\application data\Conduit
2013-07-17 18:43:27    --------    d-----w-    c:\program files\SearchProtect
2013-07-17 18:43:12    --------    d-----w-    c:\documents and settings\carmen garcia\application data\SearchProtect
2013-07-02 01:26:56    --------    d-sh--w-    c:\documents and settings\carmen garcia\IECompatCache
.
==================== Find3M  ====================
.
2013-07-17 18:43:20    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-17 18:43:20    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-17 03:28:30    0    ----a-w-    c:\windows\ativpsrm.bin
.
============= FINISH: 13:28:46.90 ===============
 

 

 

 

 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/9/2010 9:33:34 AM
System Uptime: 7/31/2013 1:24:51 PM (0 hours ago)
.
Motherboard: Dell Inc.           |  | 0RF703
Processor:               Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2791/800mhz
Processor:               Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2791/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 29.35 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_167A&SUBSYS_01DA1028&REV_02\4&21E4E6E0&0&00E4
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_167A&SUBSYS_01DA1028&REV_02\4&21E4E6E0&0&00E4
Service:
.
==== System Restore Points ===================
.
RP918: 4/29/2013 10:50:24 AM - System Checkpoint
RP919: 4/30/2013 12:02:19 PM - System Checkpoint
RP920: 5/1/2013 9:17:22 AM - Installed ProjectWise Explorer V8i
RP921: 5/1/2013 9:29:03 AM - Removed ProjectWise Explorer V8i
RP922: 5/1/2013 9:44:07 AM - Installed ProjectWise Explorer V8i
RP923: 5/2/2013 10:35:15 AM - System Checkpoint
RP924: 5/3/2013 2:51:16 PM - System Checkpoint
RP925: 5/6/2013 10:16:05 AM - System Checkpoint
RP926: 5/7/2013 12:16:09 PM - System Checkpoint
RP927: 5/8/2013 12:21:57 PM - System Checkpoint
RP928: 5/9/2013 1:14:45 PM - System Checkpoint
RP929: 5/10/2013 3:12:08 PM - System Checkpoint
RP930: 5/13/2013 12:11:19 PM - System Checkpoint
RP931: 5/14/2013 12:35:40 PM - System Checkpoint
RP932: 5/15/2013 1:15:17 PM - System Checkpoint
RP933: 5/16/2013 1:49:18 PM - System Checkpoint
RP934: 5/17/2013 2:08:09 PM - System Checkpoint
RP935: 5/20/2013 9:00:05 AM - System Checkpoint
RP936: 5/21/2013 5:28:09 PM - System Checkpoint
RP937: 5/22/2013 5:33:11 PM - System Checkpoint
RP938: 5/23/2013 5:57:55 PM - System Checkpoint
RP939: 5/28/2013 12:17:30 PM - System Checkpoint
RP940: 5/30/2013 12:20:13 PM - System Checkpoint
RP941: 6/3/2013 12:28:12 PM - System Checkpoint
RP942: 6/4/2013 4:43:08 PM - System Checkpoint
RP943: 6/5/2013 5:25:09 PM - System Checkpoint
RP944: 6/6/2013 6:30:27 PM - System Checkpoint
RP945: 6/10/2013 2:41:01 PM - System Checkpoint
RP946: 6/11/2013 4:48:21 PM - System Checkpoint
RP947: 6/12/2013 5:47:30 PM - System Checkpoint
RP948: 6/13/2013 6:22:58 PM - System Checkpoint
RP949: 6/14/2013 7:15:19 PM - System Checkpoint
RP950: 6/15/2013 7:38:07 PM - System Checkpoint
RP951: 6/17/2013 4:19:14 PM - System Checkpoint
RP952: 6/18/2013 5:15:25 PM - System Checkpoint
RP953: 6/19/2013 6:18:16 PM - System Checkpoint
RP954: 6/20/2013 6:22:33 PM - System Checkpoint
RP955: 6/21/2013 6:29:16 PM - System Checkpoint
RP956: 6/23/2013 6:33:15 PM - System Checkpoint
RP957: 6/24/2013 7:09:59 PM - System Checkpoint
RP958: 6/25/2013 8:10:01 PM - System Checkpoint
RP959: 6/26/2013 9:10:07 PM - System Checkpoint
RP960: 6/27/2013 9:51:33 PM - System Checkpoint
RP961: 6/28/2013 10:51:32 PM - System Checkpoint
RP962: 6/29/2013 11:51:32 PM - System Checkpoint
RP963: 6/30/2013 11:53:21 PM - System Checkpoint
RP964: 7/1/2013 11:59:28 PM - System Checkpoint
RP965: 7/3/2013 12:47:26 AM - System Checkpoint
RP966: 7/4/2013 1:47:26 AM - System Checkpoint
RP967: 7/5/2013 2:47:26 AM - System Checkpoint
RP968: 7/6/2013 3:47:26 AM - System Checkpoint
RP969: 7/7/2013 4:47:26 AM - System Checkpoint
RP970: 7/8/2013 5:47:23 AM - System Checkpoint
RP971: 7/9/2013 6:47:23 AM - System Checkpoint
RP972: 7/10/2013 7:47:23 AM - System Checkpoint
RP973: 7/11/2013 12:18:51 PM - System Checkpoint
RP974: 7/12/2013 12:59:23 PM - System Checkpoint
RP975: 7/13/2013 1:47:25 PM - System Checkpoint
RP976: 7/14/2013 2:47:23 PM - System Checkpoint
RP977: 7/15/2013 4:21:05 PM - System Checkpoint
RP978: 7/17/2013 12:20:36 PM - System Checkpoint
RP979: 7/18/2013 12:36:12 PM - System Checkpoint
RP980: 7/24/2013 5:32:38 PM - System Checkpoint
RP981: 7/25/2013 7:58:47 AM - Removed AVG 2013
RP982: 7/25/2013 8:00:32 AM - Removed AVG 2013
RP983: 7/30/2013 1:38:34 PM - System Checkpoint
RP984: 7/30/2013 2:35:51 PM - Removed Broadcom Gigabit Integrated Controller
RP985: 7/30/2013 3:02:21 PM - Restore Operation
RP986: 7/30/2013 5:08:17 PM - Restore Operation
RP987: 7/31/2013 8:56:07 AM - Restore Operation
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.22beta
Adobe Acrobat 6.0.1 Standard
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Akamai NetSession Interface
Akamai NetSession Interface Service
ATI - Software Uninstall Utility
ATI Catalyst Control Center
Axiom Products for MicroStation V8
Bentley DGN IFilter
Bentley DGN Index Service
Bentley DGN Preview Handler
Bentley GEOPAK Suite V8i (SELECTseries 2)
Bentley MicroStation (V 08.05.00.64) - 1
Bentley V8i (SELECTseries 3) - Autodesk® RealDWG™ 2012
Brother Driver Deployment Wizard
Brother MFC-6890CDW
Brother MFL-Pro Suite MFC-6890CDW
Dell Resource CD
Google Chrome
Google Earth
Google Update Helper
GuidSIGN 6
HEC-RAS 4.1.0
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB921411)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
HP LaserJet M5035 MFP PCL 6,HP LaserJet M5025 MFP PCL 6 [HP LaserJet M5035 MFP PCL 6]
i-model ODBC Driver for Windows 7
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MicroStation PowerDraft V8i (SELECTseries 3) 08.11.09.308
MicroStation V8i (SELECTseries 3) 08.11.09.292
Mozilla Firefox 22.0 (x86 en-US)
MSXML 6.0 Parser (KB933579)
Network ScanGear Ver.2.21
PaperPort Image Printer
ProjectWise Explorer V8i
ProjectWise Explorer V8i (SELECTseries 4)
ProjectWise Prerequisite Runtimes V8i (SELECTseries 4)
RedistSysFiles
ScanSoft PaperPort 11
Search Protect by conduit
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB912812)
SoundMAX
Transoft Solutions License Server 1.7
Trimble Link Engine
Update for Windows XP (KB932823-v3)
VBA (2627.01)
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Visualization Content
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Hotfix - KB839210
.
==== Event Viewer Messages From Past Week ========
.
7/31/2013 8:19:07 AM, error: Service Control Manager [7016]  - The BrSplService service has reported an invalid current state 0.
7/24/2013 11:20:18 AM, error: Service Control Manager [7024]  - The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).
7/24/2013 11:20:18 AM, error: Service Control Manager [7024]  - The AVG Firewall service terminated with service-specific error 3758162007 (0xE0010057).
.
==== End Of File ===========================
 


Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Carmen garcia [Admin rights]
Mode : Scan -- Date : 07/31/2013 15:03:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDS728080PLA380 +++++
--- User ---
[MBR] b6250b7dec02123c54cfe0404841b955
[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07312013_150340.txt >>



 


That looks OK......

Please download Farbar Recovery Scan Tool and save it to a folder. (32bit version)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC

Okay. Thank you.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04
Ran by Carmen garcia (administrator) on 31-07-2013 15:15:14
Running from C:\Documents and Settings\Carmen garcia\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(brother Industries Ltd) C:\WINDOWS\system32\brss01a.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Carmen garcia\Local Settings\Application Data\Akamai\netsession_win.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Carmen garcia\Local Settings\Application Data\Akamai\netsession_win.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATICCC] - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [45056 2006-01-02] (ATI Technologies Inc.)
HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [843776 2006-05-01] (Analog Devices, Inc.)
HKLM\...\Run: [sSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM\...\Run: [indexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [brMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1085440 2008-10-11] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\Carmen garcia\Local Settings\Application Data\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM - DefaultScope {9394168C-F103-41B0-B8EC-7BE56E6AC7FC} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9394168C-F103-41B0-B8EC-7BE56E6AC7FC} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN11632195963011027&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=AD3&o=102164&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=JH&apn_dtid=YYYYYYYYUS&apn_uid=a3ec3d50-97ca-45a8-b637-5fb56620eed5&apn_sauid=6453ECBA-11A7-4BF6-9029-22049FF00ECB
SearchScopes: HKCU - {9394168C-F103-41B0-B8EC-7BE56E6AC7FC} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN11632195963011027&UM=2
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: ipp - No CLSID Value -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2008-05-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Carmen garcia\Application Data\Mozilla\Firefox\Profiles\6h6h2xlu.default
FF user.js: detected! => C:\Documents and Settings\Carmen garcia\Application Data\Mozilla\Firefox\Profiles\6h6h2xlu.default\user.js
FF NewTab: about:blank
FF SelectedSearchEngine: InternetHelper3.1 Customized Web Search
FF Homepage: www.yahoo.com

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Carmen garcia\Application Data\Mozilla\Firefox\Profiles\6h6h2xlu.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Carmen garcia\Application Data\Mozilla\Firefox\Profiles\6h6h2xlu.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Documents and Settings\Carmen garcia\Application Data\Mozilla\Firefox\Profiles\6h6h2xlu.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF Extension: InternetHelper3.1  - C:\Documents and Settings\Carmen garcia\Application Data\Mozilla\Firefox\Profiles\6h6h2xlu.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
FF Extension: pricepeep - C:\Documents and Settings\Carmen garcia\Application Data\Mozilla\Firefox\Profiles\6h6h2xlu.default\Extensions\pricepeep@getpricepeep.com.xpi
FF Extension: No Name - C:\Documents and Settings\Carmen garcia\Application Data\Mozilla\Firefox\Profiles\6h6h2xlu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [lesstabs@lesstabs.com] C:\Program Files\Mozilla Firefox\extensions\lesstabs@lesstabs.com

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Documents and Settings\Carmen garcia\Local Settings\Application Data\CRE\nemfjadlboooiffmcelkafilagddogim.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-07-28] ()
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
S2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
S3 DgnIndexingService; C:\Program Files\Common Files\Bentley Shared\Dgn  Index Service\DgnIndexServer.exe [137728 2012-04-13] (Bentley Systems Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 Transoft Solutions License Server V1.7; C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe [446464 2012-10-10] ()

==================== Drivers (Whitelisted) ====================

R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [6406656 2011-01-26] (ATI Technologies Inc.)
S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [96640 2001-08-17] (Broadcom Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [137728 2004-08-12] (Windows ® Server 2003 DDK provider)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]
U3 mbr; \??\C:\DOCUME~1\CARMEN~1\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 15:15 - 2013-07-31 15:15 - 00000000 ____D C:\FRST
2013-07-31 15:12 - 2013-07-31 15:12 - 01222064 _____ (Farbar) C:\Documents and Settings\Carmen garcia\Desktop\FRST.exe
2013-07-31 15:03 - 2013-07-31 15:03 - 00001387 _____ C:\Documents and Settings\Carmen garcia\Desktop\RKreport[0]_S_07312013_150340.txt
2013-07-31 15:02 - 2013-07-31 15:03 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Desktop\RK_Quarantine
2013-07-31 13:28 - 2013-07-31 13:28 - 00011809 _____ C:\Documents and Settings\Carmen garcia\Desktop\dds.txt
2013-07-31 13:28 - 2013-07-31 13:28 - 00008333 _____ C:\Documents and Settings\Carmen garcia\Desktop\attach.txt
2013-07-31 08:33 - 2013-07-31 08:33 - 00021743 _____ C:\ComboFix.txt
2013-07-31 08:16 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-07-31 08:16 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-07-31 08:16 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-07-31 08:16 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-07-31 08:16 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-07-31 08:16 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-07-31 08:16 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-07-31 08:16 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-07-31 08:16 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-07-31 08:12 - 2013-07-31 08:54 - 00000000 ____D C:\Qoobox
2013-07-31 08:12 - 2013-07-31 08:53 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-30 16:50 - 2013-07-30 16:50 - 00001448 _____ C:\WINDOWS\COM+.log
2013-07-30 14:36 - 2001-08-17 12:11 - 00096640 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\b57xp32.sys
2013-07-30 09:40 - 2013-07-30 12:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-30 09:38 - 2013-07-30 09:38 - 13399154 _____ C:\Documents and Settings\Carmen garcia\My Documents\mbar-1.06.0.1004.zip
2013-07-30 09:18 - 2013-07-30 09:18 - 00001915 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-07-25 07:56 - 2013-07-25 07:56 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-25 07:53 - 2013-07-25 08:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-25 07:53 - 2013-07-25 07:53 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Application Data\Malwarebytes
2013-07-25 07:53 - 2013-07-25 07:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-07-25 07:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-07-17 16:45 - 2013-07-17 16:45 - 00031448 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-07-17 13:45 - 2013-07-18 08:21 - 00000000 ____D C:\Program Files\MyPC Backup
2013-07-17 13:44 - 2013-07-17 13:44 - 00000000 ____D C:\Program Files\Conduit
2013-07-17 13:43 - 2013-07-31 08:54 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Local Settings\Application Data\Conduit
2013-07-17 13:43 - 2013-07-17 13:43 - 00000000 ____D C:\Program Files\SearchProtect
2013-07-17 13:43 - 2013-07-17 13:43 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Local Settings\Application Data\CRE
2013-07-17 13:43 - 2013-07-17 13:43 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Application Data\SearchProtect
2013-07-17 13:42 - 2013-07-17 13:44 - 00000009 _____ C:\END
2013-07-04 19:03 - 2013-07-30 14:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-01 20:26 - 2013-07-01 20:26 - 00000000 __SHD C:\Documents and Settings\Carmen garcia\IECompatCache
2013-07-01 08:57 - 2013-07-01 08:57 - 00289792 _____ C:\Documents and Settings\Carmen garcia\Desktop\Current Texas Project List.xls

==================== One Month Modified Files and Folders =======

2013-07-31 15:15 - 2013-07-31 15:15 - 00000000 ____D C:\FRST
2013-07-31 15:12 - 2013-07-31 15:12 - 01222064 _____ (Farbar) C:\Documents and Settings\Carmen garcia\Desktop\FRST.exe
2013-07-31 15:03 - 2013-07-31 15:03 - 00001387 _____ C:\Documents and Settings\Carmen garcia\Desktop\RKreport[0]_S_07312013_150340.txt
2013-07-31 15:03 - 2013-07-31 15:02 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Desktop\RK_Quarantine
2013-07-31 14:32 - 2012-04-19 08:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-31 14:16 - 2010-06-11 14:59 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-31 13:28 - 2013-07-31 13:28 - 00011809 _____ C:\Documents and Settings\Carmen garcia\Desktop\dds.txt
2013-07-31 13:28 - 2013-07-31 13:28 - 00008333 _____ C:\Documents and Settings\Carmen garcia\Desktop\attach.txt
2013-07-31 13:27 - 2010-06-09 04:17 - 01306617 _____ C:\WINDOWS\setupapi.log
2013-07-31 13:26 - 2010-06-11 14:59 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-31 13:26 - 2010-06-09 09:30 - 01387638 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-31 13:26 - 2010-06-09 04:20 - 00000259 _____ C:\WINDOWS\wiadebug.log
2013-07-31 13:25 - 2012-12-13 09:51 - 00000286 _____ C:\servicetest.txt
2013-07-31 13:25 - 2011-09-21 14:54 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-31 13:25 - 2010-06-09 09:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-31 13:25 - 2010-06-09 04:20 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-07-31 09:13 - 2012-04-25 08:08 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-07-31 09:13 - 2010-06-09 09:43 - 00000178 ___SH C:\Documents and Settings\Carmen garcia\ntuser.ini
2013-07-31 09:13 - 2010-06-09 09:37 - 00032384 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-31 08:54 - 2013-07-31 08:12 - 00000000 ____D C:\Qoobox
2013-07-31 08:54 - 2013-07-17 13:43 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Local Settings\Application Data\Conduit
2013-07-31 08:54 - 2012-06-04 08:51 - 00000000 ____D C:\Betty
2013-07-31 08:53 - 2013-07-31 08:12 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-31 08:53 - 2010-06-09 09:43 - 00000000 ____D C:\Documents and Settings\Carmen garcia
2013-07-31 08:51 - 2011-11-22 14:23 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-07-31 08:33 - 2013-07-31 08:33 - 00021743 _____ C:\ComboFix.txt
2013-07-31 08:33 - 2010-06-09 09:34 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-07-31 08:29 - 2004-08-04 05:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-07-31 08:11 - 2012-04-07 12:46 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Application Data\U3
2013-07-30 16:50 - 2013-07-30 16:50 - 00001448 _____ C:\WINDOWS\COM+.log
2013-07-30 16:29 - 2012-11-15 16:10 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Desktop\Work Printouts
2013-07-30 16:17 - 2010-06-09 09:28 - 00000000 ____D C:\WINDOWS\Registration
2013-07-30 15:37 - 2010-06-09 16:33 - 00002521 _____ C:\Documents and Settings\Carmen garcia\Desktop\Microsoft Office Outlook 2007.lnk
2013-07-30 15:00 - 2010-06-09 09:29 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-07-30 14:48 - 2010-06-09 04:18 - 00621662 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-30 14:48 - 2010-06-09 04:18 - 00231626 _____ C:\WINDOWS\iis6.log
2013-07-30 14:48 - 2010-06-09 04:18 - 00153781 _____ C:\WINDOWS\FaxSetup.log
2013-07-30 14:48 - 2010-06-09 04:18 - 00101270 _____ C:\WINDOWS\ocgen.log
2013-07-30 14:48 - 2010-06-09 04:18 - 00074002 _____ C:\WINDOWS\tsoc.log
2013-07-30 14:48 - 2010-06-09 04:18 - 00055723 _____ C:\WINDOWS\comsetup.log
2013-07-30 14:48 - 2010-06-09 04:18 - 00055400 _____ C:\WINDOWS\msmqinst.log
2013-07-30 14:48 - 2010-06-09 04:18 - 00035840 _____ C:\WINDOWS\ntdtcsetup.log
2013-07-30 14:48 - 2010-06-09 04:18 - 00025126 _____ C:\WINDOWS\netfxocm.log
2013-07-30 14:48 - 2010-06-09 04:18 - 00011536 _____ C:\WINDOWS\MedCtrOC.log
2013-07-30 14:48 - 2010-06-09 04:18 - 00008119 _____ C:\WINDOWS\ocmsn.log
2013-07-30 14:48 - 2010-06-09 04:18 - 00007889 _____ C:\WINDOWS\msgsocm.log
2013-07-30 14:48 - 2010-06-09 04:18 - 00006946 _____ C:\WINDOWS\tabletoc.log
2013-07-30 14:48 - 2010-06-09 04:18 - 00004696 _____ C:\WINDOWS\imsins.log
2013-07-30 14:35 - 2013-07-04 19:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-30 14:06 - 2010-06-09 04:11 - 00000000 ____D C:\WINDOWS\Media
2013-07-30 12:06 - 2013-07-30 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-30 12:06 - 2013-06-01 08:31 - 00000000 ____D C:\Documents and Settings\Carmen garcia\My Documents\mbar
2013-07-30 09:38 - 2013-07-30 09:38 - 13399154 _____ C:\Documents and Settings\Carmen garcia\My Documents\mbar-1.06.0.1004.zip
2013-07-30 09:31 - 2010-06-09 04:11 - 00000000 ____D C:\WINDOWS\PeerNet
2013-07-30 09:18 - 2013-07-30 09:18 - 00001915 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-07-30 08:38 - 2010-06-09 14:27 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Application Data\AdobeUM
2013-07-29 09:30 - 2010-06-09 04:17 - 00180129 _____ C:\WINDOWS\setupact.log
2013-07-29 09:24 - 2010-06-09 04:11 - 00000000 ____D C:\WINDOWS\Resources
2013-07-29 08:23 - 2004-08-04 05:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-07-26 09:28 - 2010-10-20 07:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB915800-v4$
2013-07-25 09:35 - 2012-04-24 17:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallWIC$
2013-07-25 08:01 - 2013-07-25 07:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-25 08:00 - 2010-10-19 08:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-07-25 07:56 - 2013-07-25 07:56 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-25 07:53 - 2013-07-25 07:53 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Application Data\Malwarebytes
2013-07-25 07:53 - 2013-07-25 07:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-07-24 14:34 - 2010-06-09 04:18 - 00001917 _____ C:\WINDOWS\imsins.BAK
2013-07-24 14:31 - 2010-06-11 09:58 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Local Settings\Application Data\Google
2013-07-24 14:31 - 2010-06-11 09:57 - 00000000 ____D C:\Program Files\Google
2013-07-24 14:31 - 2010-06-11 09:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2013-07-22 09:06 - 2010-06-09 10:42 - 00002473 _____ C:\Documents and Settings\Carmen garcia\Desktop\Microsoft Office Excel 2007.lnk
2013-07-18 08:21 - 2013-07-17 13:45 - 00000000 ____D C:\Program Files\MyPC Backup
2013-07-17 16:48 - 2013-05-31 14:49 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Desktop\MOPAC
2013-07-17 16:45 - 2013-07-17 16:45 - 00031448 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-07-17 15:27 - 2010-06-09 14:26 - 00000000 ____D C:\Program Files\Adobe
2013-07-17 13:44 - 2013-07-17 13:44 - 00000000 ____D C:\Program Files\Conduit
2013-07-17 13:44 - 2013-07-17 13:42 - 00000009 _____ C:\END
2013-07-17 13:43 - 2013-07-17 13:43 - 00000000 ____D C:\Program Files\SearchProtect
2013-07-17 13:43 - 2013-07-17 13:43 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Local Settings\Application Data\CRE
2013-07-17 13:43 - 2013-07-17 13:43 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Application Data\SearchProtect
2013-07-17 13:43 - 2012-04-19 08:19 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-07-17 13:43 - 2011-08-12 09:17 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-07-17 13:42 - 2010-08-13 13:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-07-16 12:09 - 2010-06-09 14:27 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Local Settings\Application Data\Adobe
2013-07-12 23:20 - 2011-07-13 08:06 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-07-09 15:21 - 2013-06-13 16:52 - 00000000 ____D C:\Documents and Settings\Carmen garcia\Desktop\DD
2013-07-01 22:42 - 2012-02-23 09:39 - 00000497 _____ C:\WINDOWS\nsw.log
2013-07-01 20:26 - 2013-07-01 20:26 - 00000000 __SHD C:\Documents and Settings\Carmen garcia\IECompatCache
2013-07-01 08:57 - 2013-07-01 08:57 - 00289792 _____ C:\Documents and Settings\Carmen garcia\Desktop\Current Texas Project List.xls

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-04 05:00] - [2004-08-04 05:00] - 1032192 ____A (Microsoft Corporation) a0732187050030ae399b241436565e64

C:\Windows\System32\winlogon.exe
[2004-08-04 05:00] - [2004-08-04 05:00] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

C:\Windows\System32\svchost.exe
[2004-08-04 05:00] - [2004-08-04 05:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

C:\Windows\System32\services.exe
[2004-08-04 05:00] - [2004-08-04 05:00] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\Windows\System32\User32.dll
[2004-08-04 05:00] - [2004-08-04 05:00] - 0577024 ____A (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4

C:\Windows\System32\userinit.exe
[2004-08-04 05:00] - [2004-08-04 05:00] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 05:00] - [2004-08-04 05:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b


==================== End Of Log ============================

 

 

Addition.txt


No, there should be items in there.

Take a look in the Device Manager and see if there are any red or yellow marks by any item, especially by Network adapters.

Then...

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • (click all the boxes)
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
MrC

There isn't a 'Network Adapters' heading in the Device Manager window... There are four yellow marks by items in the 'Other Devices' heading though.

 

Audio Device on High Definition Audio Bus

Ethernet Controller

MFC-6890CDW

MFC-6890CDW

 

And here's the scan's log:

 

Farbar Service Scanner Version: 26-07-2013
Ran by Carmen garcia (administrator) on 01-08-2013 at 09:05:36
Running from "C:\Documents and Settings\Carmen garcia\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 05:00] - [2004-08-04 05:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 05:00] - [2004-08-04 05:00] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 05:00] - [2004-08-04 05:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 05:00] - [2004-08-04 05:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 05:00] - [2004-08-04 05:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-04 05:00] - [2004-08-04 05:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-06-09 09:27] - [2004-08-04 05:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2010-06-09 09:29] - [2004-08-04 05:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2010-06-09 09:29] - [2004-08-04 05:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 05:00] - [2004-08-04 05:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-06-09 09:27] - [2004-08-04 05:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2010-06-09 09:29] - [2004-08-04 05:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2010-06-09 09:29] - [2004-08-04 05:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-04 05:00] - [2004-08-04 05:00] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 05:00] - [2004-08-04 05:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-04 05:00] - [2004-08-04 05:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 05:00] - [2004-08-04 05:00] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\WINDOWS\system32\services.exe
[2004-08-04 05:00] - [2004-08-04 05:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****


I had looked at Method 1 and was looking at Method 2 and I could do some of it but 'Network Adapters' doesn't show up under the Device Manager.

 

Thanks for your help but it looks like my friend who owns the computer just decided to have it replaced since it's so old. Thanks again for your help.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.