Help! After nasty virus, unable to connect to internet

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.

2 Pages
1
2
→

You cannot start a new topic
You cannot reply to this topic

Help! After nasty virus, unable to connect to internet

#1 scottm18

New Member

Group: Members
Posts: 8
Joined: 05-February 12

Posted 05 February 2012 - 12:33 PM

Hello--I have Win XP SP3 and picked up one of the worst viruses I've ever seen (the PC literally went popup crazy right in front of my eyes and I still dont know how it started). Anyway, I cleaned it up via Security Essentials and Malwarebytes (and shows completely clean). Now I am getting Error 2 messages for the ICS/Firewall service, and a bunch of network related services as well and internet does not load. Originally I was getting no IPSEC (missing should be value 4 message) but I followed the advice given to Dakota316 and the reinstall of the Winsock. Now I don't get the IPSEC error anymore, but the rest remains and still no internet. I also appear to have all the system32 files with nothing missing (came across that post from Broni as well). I work with these things but I'm at wits end on this PC--can anyone help with what to try next? Here are the two logs from FSS:

#1 (BEFORE WINSOCK REBUILD):

Farbar Service Scanner Version: 05-02-2012
Ran by Administrator (administrator) on 05-02-2012 at 11:17:06
Running from "F:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "L:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

File Check:
========
L:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
L:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! L:\WINDOWS\system32\Drivers\ipsec.sys is missing.
L:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
L:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
L:\WINDOWS\system32\netman.dll => MD5 is legit
L:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
L:\WINDOWS\system32\srsvc.dll => MD5 is legit
L:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
L:\WINDOWS\system32\wscsvc.dll => MD5 is legit
L:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
L:\WINDOWS\system32\wuauserv.dll => MD5 is legit
L:\WINDOWS\system32\qmgr.dll => MD5 is legit
L:\WINDOWS\system32\es.dll => MD5 is legit
L:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
L:\WINDOWS\system32\svchost.exe => MD5 is legit
L:\WINDOWS\system32\rpcss.dll => MD5 is legit
L:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) lpx(8) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000
Attention! IpSec Tag value should be 4Attention! IpSec Tag value is missing and it should be 4

**** End of log ****

---------------------------------------------------------

AFTER WINSOCK REBUILD, HERE IS THE LATEST LOG--BUT ISN'T IPSEC SUPPOSED TO BE 4?:

Farbar Service Scanner Version: 05-02-2012
Ran by Administrator (administrator) on 05-02-2012 at 11:50:22
Running from "F:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "L:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

File Check:
========
L:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
L:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! L:\WINDOWS\system32\Drivers\ipsec.sys is missing.
L:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
L:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
L:\WINDOWS\system32\netman.dll => MD5 is legit
L:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
L:\WINDOWS\system32\srsvc.dll => MD5 is legit
L:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
L:\WINDOWS\system32\wscsvc.dll => MD5 is legit
L:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
L:\WINDOWS\system32\wuauserv.dll => MD5 is legit
L:\WINDOWS\system32\qmgr.dll => MD5 is legit
L:\WINDOWS\system32\es.dll => MD5 is legit
L:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
L:\WINDOWS\system32\svchost.exe => MD5 is legit
L:\WINDOWS\system32\rpcss.dll => MD5 is legit
L:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(11) lpx(8) NetBT(5) PSched(7) Tcpip(3)
0x0B0000000B000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000

This post has been edited by scottm18: 05 February 2012 - 12:54 PM

#2 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 05 February 2012 - 03:50 PM

Welcome aboard Posted Image

You have several issues there.

Let's start with missing system file.

Please run Farbar Service Scanner FSS).
Type the following in the edit box after "Search:".

ipsec.sys

Click Search Files button and post the log (FSS.txt) it makes to your reply.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#3 scottm18

New Member

Group: Members
Posts: 8
Joined: 05-February 12

Posted 05 February 2012 - 05:45 PM

Wow--how did I miss that "this file is missing" error...twice! I even followed the winsock rebuild procedure you have posted. I'm lucky enough to have an XP laptop with SP3 next to me (where I originally wrote this)--so I copied off the ipsec.sys from its drivers directory and added it to my main PC. Rebooted and voila--back on! That one little file in the drivers directory was deleted and takes down the whole internet?

However, you did say "multiple issues"...is there anything else that looks off? What about the not loading of the two services? I am having one more issue after this too--I have a double network card with one going strictly for NDAS setup (LPX protocol only). That is also/still not picking up but control panel network panel shows it working and there is a light showing on both ends of the connection. I may have to reload the NDAS driver...

Thanks!

Here is the latest FSS log...

Farbar Service Scanner Version: 05-02-2012
Ran by Administrator (administrator) on 05-02-2012 at 17:26:45
Running from "F:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "L:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

File Check:
========
L:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
L:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
L:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
L:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
L:\WINDOWS\system32\netman.dll => MD5 is legit
L:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
L:\WINDOWS\system32\srsvc.dll => MD5 is legit
L:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
L:\WINDOWS\system32\wscsvc.dll => MD5 is legit
L:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
L:\WINDOWS\system32\wuauserv.dll => MD5 is legit
L:\WINDOWS\system32\qmgr.dll => MD5 is legit
L:\WINDOWS\system32\es.dll => MD5 is legit
L:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
L:\WINDOWS\system32\svchost.exe => MD5 is legit
L:\WINDOWS\system32\rpcss.dll => MD5 is legit
L:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(11) lpx(8) NetBT(5) PSched(7) Tcpip(3)
0x0B0000000B000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000

**** End of log ****

This post has been edited by scottm18: 05 February 2012 - 05:57 PM

#4 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 05 February 2012 - 05:57 PM

Good news

1. Did you disable system restore for whatever reason?
If you didn't make sure to turn it on.

2. You have 4 registry keys missing.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/

Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.

Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip downloaded file.
You'll find several files inside.
Double-click wscsvc.reg and confirm the prompt.
Double-click wuauserv.reg and confirm the prompt.
Double-click legacy_wscsvc.reg and confirm the prompt.
Double-click legacy_wuauserv.reg and confirm the prompt.

Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.

Restart computer.
Post new FSS log.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#5 scottm18

New Member

Group: Members
Posts: 8
Joined: 05-February 12

Posted 06 February 2012 - 01:59 PM

Getting there...I believe system restore was previously turned off. I'll bring it back once everything is fixed.

One service left--wuauserv (specified module cannot be found error)

NDAS (LDX) still not working--next step is to reinstall driver.

Latest...

Farbar Service Scanner Version: 05-02-2012
Ran by Administrator (administrator) on 06-02-2012 at 13:51:53
Running from "F:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "L:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

File Check:
========
L:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
L:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
L:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
L:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
L:\WINDOWS\system32\netman.dll => MD5 is legit
L:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
L:\WINDOWS\system32\srsvc.dll => MD5 is legit
L:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
L:\WINDOWS\system32\wscsvc.dll => MD5 is legit
L:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
L:\WINDOWS\system32\wuauserv.dll => MD5 is legit
L:\WINDOWS\system32\qmgr.dll => MD5 is legit
L:\WINDOWS\system32\es.dll => MD5 is legit
L:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
L:\WINDOWS\system32\svchost.exe => MD5 is legit
L:\WINDOWS\system32\rpcss.dll => MD5 is legit
L:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(11) lpx(8) NetBT(5) PSched(7) Tcpip(3)
0x0B0000000B000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000

**** End of log ****

#6 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 06 February 2012 - 02:16 PM

Quote

1. Did you disable system restore for whatever reason?
If you didn't make sure to turn it on.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#7 scottm18

New Member

Group: Members
Posts: 8
Joined: 05-February 12

Posted 06 February 2012 - 02:26 PM

Yes--SR service appears fine there--now only wuaserv... I actually ran the reghack twice for that and it did't kick in.

Farbar Service Scanner Version: 05-02-2012
Ran by Administrator (administrator) on 06-02-2012 at 14:24:57
Running from "F:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

File Check:
========
L:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
L:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
L:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
L:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
L:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
L:\WINDOWS\system32\netman.dll => MD5 is legit
L:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
L:\WINDOWS\system32\srsvc.dll => MD5 is legit
L:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
L:\WINDOWS\system32\wscsvc.dll => MD5 is legit
L:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
L:\WINDOWS\system32\wuauserv.dll => MD5 is legit
L:\WINDOWS\system32\qmgr.dll => MD5 is legit
L:\WINDOWS\system32\es.dll => MD5 is legit
L:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
L:\WINDOWS\system32\svchost.exe => MD5 is legit
L:\WINDOWS\system32\rpcss.dll => MD5 is legit
L:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(11) lpx(8) NetBT(5) PSched(7) Tcpip(3)
0x0B0000000B000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000

**** End of log ****

#8 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 06 February 2012 - 03:03 PM

It looks like something is blocking it from running.

Can you actually access Windows updates?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:

Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#9 scottm18

New Member

Group: Members
Posts: 8
Joined: 05-February 12

Posted 07 February 2012 - 12:31 PM

OK-Here's goes. It did block the windows update when I tried (digging up IE)--even a reinitialize didn't work:

SECURITY CHECK:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date! <--dont use
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner
Advanced Disk Cleaner
Java™ 6 Update 25
Out of date Java installed!
Adobe Flash Player ( 10.3.183.5) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

MINITOOLBOX:(EDITED IP INFO)

MiniToolBox by Farbar Version: 18-01-2012
Ran by Administrator (administrator) on 07-02-2012 at 08:32:36
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

TAP-Win32 Adapter V9 = Local Area Connection 3 (Disconnected)
TRENDnet, TEG-PCITXR 32-bit 10/100/1000Mbps PCI ADAPTER = Local Area Connection 4 (Connected)
Intel® PRO/1000 MT Server Adapter = Local Area Connection 5 (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection 4"

set address name="Local Area Connection 4" source=dhcp
set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
set wins name="Local Area Connection 4" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : windowsxp

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : TRENDnet, TEG-PCITXR 32-bit 10/100/1000Mbps PCI ADAPTER

Physical Address. . . . . . . . . : 00-14-D1-1F-3D-95

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . :

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Tuesday, February 07, 2012 8:28:44 AM

Lease Expires . . . . . . . . . . : Tuesday, February 07, 2012 8:38:44 AM

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.47.106, 74.125.47.147, 74.125.47.99, 74.125.47.103
74.125.47.104, 74.125.47.105

Pinging google.com [74.125.47.104] with 32 bytes of data:

Reply from 74.125.47.104: bytes=32 time=43ms TTL=47

Reply from 74.125.47.104: bytes=32 time=41ms TTL=47

Ping statistics for 74.125.47.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 41ms, Maximum = 43ms, Average = 42ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=110ms TTL=43

Reply from 72.30.2.43: bytes=32 time=109ms TTL=43

Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 109ms, Maximum = 110ms, Average = 109ms

Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Request timed out.

Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 d1 1f 3d 95 ...... TRENDnet, TEG-PCITXR 32-bit 10/100/1000Mbps PCI ADAPTER - Packet Scheduler Miniport
===========================================================================
===========================================================================

===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 L:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 L:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 L:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 L:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 L:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 L:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/06/2012 04:04:50 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/06/2012 01:59:59 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/06/2012 01:30:16 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/05/2012 05:34:28 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/05/2012 11:57:14 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/05/2012 09:19:27 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/05/2012 02:23:17 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2012 02:23:15 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/05/2012 02:19:42 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/05/2012 05:00:25 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

System errors:
=============
Error: (02/07/2012 08:28:06 AM) (Source: DCOM) (User: Administrator)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (02/07/2012 08:27:36 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (02/07/2012 08:27:36 AM) (Source: DCOM) (User: Administrator)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (02/07/2012 08:27:06 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (02/07/2012 08:27:05 AM) (Source: DCOM) (User: Administrator)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (02/07/2012 08:27:00 AM) (Source: Schedule) (User: )
Description: The At18.job command failed to start due to the following error:
%%2147942402

Error: (02/07/2012 08:27:00 AM) (Source: Schedule) (User: )
Description: The At17.job command failed to start due to the following error:
%%2147942402

Error: (02/07/2012 08:26:35 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (02/07/2012 08:26:33 AM) (Source: DCOM) (User: Administrator)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.

Error: (02/07/2012 08:26:03 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Microsoft Office Sessions:
=========================
Error: (02/06/2012 04:04:50 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (02/06/2012 01:59:59 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80080005beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/06/2012 01:30:16 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80080005beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/05/2012 05:34:28 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/05/2012 11:57:14 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/05/2012 09:19:27 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (02/05/2012 02:23:17 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2012 02:23:15 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/05/2012 02:19:42 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (02/05/2012 05:00:25 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

=========================== Installed Programs ============================

µTorrent (Version: 3.0.0)
Acoustica MP3 CD Burner
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Advanced Disk Cleaner (Version: 5.0.0)
AllToAVI v4 r5394 (Version: v4 r5394)
Amazon MP3 Downloader 1.0.0+6
Any Video Converter 3.0.5
Ask Toolbar (Version: 1.8.0.0)
Asset UPnP (Version: Release 3)
AT&T U-verse Setup
Auslogics Disk Defrag (Version: version 3.3)
Auto Gordian Knot 2.45 (Version: 2.45)
AVI Video Joiner 1.5 (Version: 1.5)
AVI/MPEG/RM/WMV Splitter 4.28
Avidemux 2.5 (Version: 2.5.2.5660)
AviSynth 2.5
BioShock Demo (Version: 1.09.0000)
Bit Che (Version: 1.0)
BK ReplaceEm 2.0
BUFFALO NAS Navigator
CCleaner (Version: 3.00)
CDBurnerXP (Version: 4.2.4.1235)
ConvertXtoDVD 2.2.3.258 (Version: 2.2.3.258)
Dropbox (Version: 0.6.402)
DVD-Audio Solo Standard 2.2 (Version: 2.2)
DVD Audio Extractor 6.0.2
DVD Decrypter (Remove Only)
DVDFab Platinum 3.1.8.0
Easy CD-DA Extractor 11 (Version: 11)
eMusic Download Manager 4.1.1 (Version: 4.1.1)
Exact Audio Copy 0.99pb5 (Version: 0.99pb5)
EZ Screen Capture (Version: 1.0.5)
ffdshow [rev 3154] [2009-12-09] (Version: 1.0)
FLAC 1.2.1b (remove only) (Version: 1.2.1b)
FLAC MP3 Converter v3.3 build 1058
GOM Player (Version: 2.1.25.5017)
Goodnight Timer 1.1
Google Chrome (Version: 16.0.912.77)
Google Gears (Version: 0.4.24.0)
GrabIt 1.7.2 Beta 6 (build 1008)
GTR 2 Demo (Version: v1.0.0.0)
Haali Media Splitter
HD Tach version 3
HyperCam 2 (Version: 2.24.01)
HyperCam Toolbar
IDT Audio (Version: 1.0.20001.0)
ImgBurn (Version: 2.5.5.0)
Intel® Desktop Utilities (Version: 3.0.15)
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® Network Connections 16.7.166.0 (Version: 16.7.166.0)
Intel® SMBus
iSkysoft Video Converter(Build 2.3.1.0)
IsoBuster 2.4 (Version: 2.4)
IsoBuster Toolbar (Version: 6.8.5.1)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
K-Lite Codec Pack 5.4.4 (Basic) (Version: 5.4.4)
LifeGlobe Goldfish Aquarium (Version: 1.0)
Logitech QuickCam (Version: 11.10.2030)
Logitech® Camera Driver
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Maxtor Manager (Version: 4.03.0300)
MeGUI modern media encoder (remove only)
MemInfo (remove only)
Mezzmo (Version: 2.4.2.0)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C Runtime (Version: 8.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ Run Time Lib Setup (Version: 1.0.0)
Mimo (Version: 0.2.4)
mIRC (Version: 6.21)
MKV TO AVI CONVERTER version 3.22
mkv2vob (Version: 2.4.5.1)
MKVtoolnix 2.9.5 (Version: 2.9.5)
Moyea FLV Editor Lite version: 1.1.1.846
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MVision (Version: 11.10.2030)
NDAS Software 3.72.2080 (Version: 3.72.2080)
Nero 7 Ultra Edition (Version: 7.02.6445)
neroxml (Version: 1.0.0)
News Rover -- Usenet newsreader (Version: 14.1 Rev. 2)
NewsBin Pro (Version: 5.42)
NewsLeecher v4.0 Beta 23 (RC)
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OpenSource Flash Video Splitter 1.0.0.5 (Version: 1.0.0.5)
Paragon Partition Manager 8.5 Professional
Plants vs. Zombies 1.0.0.1051
Playlist Creator 3.6.2 (Version: 3.6.2.0)
PlexTools Professional XL (Shared Components) (Version: 2.70.0)
Primo (Version: 1.00.0000)
PS3 Media Server (Version: 1.50.0)
PS3 Video 9 2.25 (Version: 2.25)
Quick StartUp 2.3
RapidShare Manager (Version: 0.1.0.257)
RapidShare Manager 2 (Version: 2)
SC Video Cut and Split 4.2.0.2
SereneScreen Marine Aquarium Time 2 (Version: 2.0)
Sony Picture Utility (Version: 3.2.00.05260)
SoulSeek 157 NS 13c
SoulSeek Client 156c
Splash Lite (Version: 1.1.5)
SPVOD Player1.8 (Version: 1.8.810.0)
StartupMonitor (Version: 1.0.2.0)
Steam (Version: 1.0.0.0)
SubEdit-Player (Version: 4060)
Subtitle Workshop 2.51
SumatraPDF (Version: 1.6)
Super Mp3 Recorder Professional v6.2
swMSM (Version: 12.0.0.1)
Synology Assistant (remove only)
System Requirements Lab for Intel (Version: 4.4.22.0)
TEG-PCITXR 32bit Gigabit PCI Adatper (Version: 1.23.0000)
TVersity Codec Pack 1.7 (Version: 1.7)
TVersity Media Server 1.9.7 (Version: 1.9.7)
VistaBootPRO 3.3 (Version: 3.3.0)
Visual C++ 8.0 ATL (x86) WinSXS MSM (Version: 8.0.50727.762)
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
VLC media player 1.1.4 (Version: 1.1.4)
VobSub v2.23 (Remove Only)
WebFldrs XP (Version: 9.50.7523)
Wild Media Server (UPnP, DLNA, HTTP) (Version: 1.11)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.7)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinUndelete 3.50
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
XviD MPEG4 Video Codec (remove only)

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 2029.68 MB
Available physical RAM: 985.23 MB
Total Pagefile: 7964.04 MB
Available Pagefile: 7023.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.95 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:27.22 GB) (Free:0.05 GB) NTFS
2 Drive d: () (Fixed) (Total:279.45 GB) (Free:0.07 GB) NTFS
3 Drive e: (WD_Green) (Fixed) (Total:465.76 GB) (Free:14.04 GB) NTFS
4 Drive f: () (Removable) (Total:7.51 GB) (Free:0.35 GB) FAT32
9 Drive l: (XP Volume) (Fixed) (Total:10.09 GB) (Free:0.54 GB) NTFS
10 Drive m: (my book) (Fixed) (Total:1396.6 GB) (Free:0.07 GB) NTFS
12 Drive w: (WD SmartWare) (CDROM) (Total:0.44 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\WINDOWSXP

Administrator Guest HelpAssistant
SUPPORT_388945a0

**** End of log ****

MALWAREBYTES:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Administrator :: WINDOWSXP [administrator]

2/6/2012 2:33:56 PM
mbam-log-2012-02-06 (14-33-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 591636
Time elapsed: 2 hour(s), 44 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

AVAST SCAN:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-07 08:36:27
-----------------------------
08:36:27.406 OS Version: Windows 5.1.2600 Service Pack 3
08:36:27.406 Number of processors: 2 586 0xF06
08:36:27.406 ComputerName: WINDOWSXP UserName:
08:36:29.609 Initialize success
08:38:01.875 AVAST engine defs: 12020700
08:38:23.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
08:38:23.312 Disk 0 Vendor: SAMSUNG_SP0401C ST100-34 Size: 38204MB BusType: 3
08:38:23.312 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-12
08:38:23.312 Disk 1 Vendor: ST3300831AS 3.03 Size: 286168MB BusType: 3
08:38:23.312 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-28
08:38:23.312 Disk 2 Vendor: WDC_WD5000AACS-00ZUB0 01.01B01 Size: 476940MB BusType: 3
08:38:23.328 Disk 0 MBR read successfully
08:38:23.328 Disk 0 MBR scan
08:38:23.375 Disk 0 Windows XP default MBR code
08:38:23.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 27870 MB offset 63
08:38:23.390 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10330 MB offset 57078945
08:38:23.390 Disk 0 scanning sectors +78236550
08:38:23.453 Disk 0 scanning L:\WINDOWS\system32\drivers
08:38:35.750 Service scanning
08:38:36.656 Service MpKsla14f1738 L:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{426AF771-0AE8-4167-94F8-2670B2F01E31}\MpKsla14f1738.sys **LOCKED** 32
08:38:36.796 Service sptd L:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
08:38:37.328 Modules scanning
08:38:44.890 Disk 0 trace - called modules:
08:38:44.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys span.sys >>UNKNOWN [0x8af28938]<<
08:38:44.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aeee8f0]
08:38:44.906 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000070[0x8aea5f18]
08:38:44.906 5 ACPI.sys[b9e66620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8aea4b00]
08:38:45.609 AVAST engine scan L:\WINDOWS
08:38:50.093 AVAST engine scan L:\WINDOWS\system32
08:40:53.390 AVAST engine scan L:\WINDOWS\system32\drivers
08:41:08.406 AVAST engine scan L:\Documents and Settings\Administrator
08:44:50.140 AVAST engine scan L:\Documents and Settings\All Users
08:45:23.468 Scan finished successfully
09:01:09.328 Disk 0 MBR has been saved successfully to "L:\Documents and Settings\Administrator\My Documents\MBR.dat"
09:01:09.328 The log file has been saved successfully to "L:\Documents and Settings\Administrator\My Documents\aswMBR.txt"

#10 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 07 February 2012 - 12:36 PM

You have "hosts" file missing.

Download following "hosts"(zipped) file: http://www.bleepstatic.com/fhost/uploads/0/hosts_xp.zip
Unzip it.
Copy hosts file found inside.
Open Windows Explorer and paste hosts file to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder.

Next....
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

Double-click SystemLook.exe to run it.
Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
Copy the content of the following box into the main textfield:
```
:dir
C:\WINDOWS\SYSTEM32\DRIVERS\ETC
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Next....
Download Bootkit Remover to your Desktop.

Unzip downloaded file to your Desktop.
Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
It will show a Black screen with some data on it.
Right click on the screen and click Select All.
Press CTRL+C
Open a Notepad and press CTRL+V
Post the output back here.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#11 scottm18

New Member

Group: Members
Posts: 8
Joined: 05-February 12

Posted 07 February 2012 - 01:16 PM

Well L:\PF in my case...

SystemLook 30.07.11 by jpshortstuff
Log created at 13:08 on 07/02/2012 by Administrator
Administrator - Elevation successful

========== dir ==========

L:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts --a---- 711 bytes [18:00 07/02/2012] [15:40 19/01/2012]
hosts.ics --a---- 438 bytes [23:35 30/12/2009] [23:36 30/12/2009]
lmhosts.sam --a--c- 3683 bytes [12:00 23/08/2001] [12:00 23/08/2001]
networks --a--c- 407 bytes [12:00 23/08/2001] [12:00 23/08/2001]
protocol --a--c- 799 bytes [12:00 23/08/2001] [12:00 23/08/2001]
services --a--c- 7116 bytes [12:00 23/08/2001] [12:00 23/08/2001]

---Folders---
None found.

-= EOF =-

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\L:
\\.\L: -> \\.\PhysicalDrive0 at offset 0x00000006`cde94200
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...

Still get this when trying to update:

The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
For self-help options:

Frequently Asked Questions

Find Solutions

Windows Update Newsgroup

#12 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 07 February 2012 - 01:24 PM

Go Start>Run, type in:
services.msc
Click OK.

Find Windows Update service.
You'll see it not running.
What happens when you try to start the service?

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#13 scottm18

New Member

Group: Members
Posts: 8
Joined: 05-February 12

Posted 07 February 2012 - 06:35 PM

Msg:

Could not start the Automatic Updates service on Local Computer
Error 126: The specified module could not be found.

#14 Broni

The Coolest BC Computer

Group: BC Advisor
Posts: 22,167
Joined: 01-February 08
Gender:Male
Location:Daly City, CA

Posted 07 February 2012 - 07:04 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

Double-click SystemLook.exe to run it.
Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
Copy the content of the following box and paste it into the main textfield:
```
:reg
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /s 
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click

#15 scottm18

New Member

Group: Members
Posts: 8
Joined: 05-February 12

Posted 08 February 2012 - 02:28 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 19:21 on 07/02/2012 by Administrator
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Type"= 0x0000000020 (32)
"Start"= 0x0000000002 (2)
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs"
"DisplayName"="Automatic Updates"
"ObjectName"="LocalSystem"
"Description"="Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum]
"0"="Root\LEGACY_WUAUSERV\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll"="L:\WINDOWS\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security]
"Security"=01 00 14 80 78 00 00 00 84 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 00 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 48 00 03 00 00 00 00 00 14 00 9d 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 ff 01 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

-= EOF =-