
Recognizes Wireless Network - Will Not Connect


23 replies to this topic

#1 ghost0nthestage

ghost0nthestage

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 07 January 2012 - 07:16 PM

I have an Acer TravelMate which was connecting to our wireless network last night with no problems. This morning, it simply wouldn't work. We're running a D-Link router and my girlfriend has no problems connecting her laptop to the network.

When I attempt to connect and enter the WPA, the computer displays that it is "Not Connected" to the network; however, a button at the bottom of the wireless network connect window says that I can disconnect from the network. It's almost as if the computer is half-way connected to the network.

I know it's not much information to go on, but if anyone can offer any help it would be really appreciated. I don't even know where to start with this problem.


#2 ghost0nthestage

ghost0nthestage
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 07 January 2012 - 11:41 PM

Sorry for the double post but I thought I'd add that when attempting to connect to the network, it states that it is "waiting for the network to be ready" until it eventually gives up trying and does not connect.

#3 10 Beers

10 Beers

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:01:29 PM

Posted 08 January 2012 - 03:48 AM

Sorry, I can't help you, but I've experienced almost the same thing.
My problem went away after I futzed around awhile trying stuff getting frustrated.
I did something right but I don't know what.
I rebooted a lot, but I bet you've tried that.

#4 ghost0nthestage

ghost0nthestage
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 08 January 2012 - 04:33 PM

Yeah, I've tried just about everything I can think of. It won't even connect online through an ethernet cable connected to the router.

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:29 AM

Posted 08 January 2012 - 04:34 PM

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#6 ghost0nthestage

ghost0nthestage
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 08 January 2012 - 05:07 PM

How can I download that when the computer cannot get internet? Can I download it to another computer and transfer the program over to the one which isn't connecting?

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:29 AM

Posted 08 January 2012 - 05:41 PM

Yes.


 


#8 ghost0nthestage

ghost0nthestage
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 08 January 2012 - 07:03 PM

Okay, I downloaded the program and ran the scan with everything checked. Here's the txt file it gave back:


Farbar Service Scanner
Ran by Nick (administrator) on 08-01-2012 at 19:00:59
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit


Extra List:
=======
aswTdi(11) Gpc(7) irda(9) NetBT(6) PSched(8) SYMTDI(10) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000B0000000A00000006000000070000000800000009000000
Attention! IpSec Tag value is missing and it should be 5

**** End of log ****


I really hope you can help. I'd love to have this problem resolved as quickly as possible.

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:29 AM

Posted 08 January 2012 - 07:19 PM

You have a number of registry keys missing, which makes me believe that your computer is/was infected.

Let's see if we can fix your internet connection first.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on ipsec.reg file and confirm the prompt.
Restart the computer, check on the internet connection and post a new FSS log.


 


#10 ghost0nthestage

ghost0nthestage
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 08 January 2012 - 07:57 PM

The internet connection has returned! Thank you so much for that.

Here's the new FSS txt:

Farbar Service Scanner
Ran by Nick (administrator) on 08-01-2012 at 19:56:25
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit


Extra List:
=======
aswTdi(11) Gpc(7) IPSec(5) irda(9) NetBT(6) PSched(8) SYMTDI(10) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000B0000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****
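
Comparing the two FSS reports above shows which findings the ipsec.reg import cleared and which service keys are still missing. The Python below is an added example, not part of the original thread and not Farbar's code: it parses report text and diffs the findings. The excerpts are abridged from the logs posted here; the function names and issue labels are assumptions of this example.

```python
import re

# Constructed excerpts: lines taken from the two FSS reports in this thread,
# abridged to the sections that carry findings.
BEFORE = """\
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
Tcpip Service is not running. Checking service configuration:
IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.

Connection Status:
==============
Localhost is blocked.
There is no connection to network.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.

Extra List:
=======
Attention! IpSec Tag value is missing and it should be 5
"""

AFTER = """\
Internet Services:
============

Connection Status:
==============
Localhost is accessible.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.

Extra List:
=======
IpSec Tag value is correct.
"""

# (pattern, issue label); the labels are this example's own, not FSS terminology.
RULES = [
    (re.compile(r"^(\w+) Service is not running\."), "not running"),
    (re.compile(r"Unable to open (\w+) registry key\. The service key does not exist"), "service key missing"),
    (re.compile(r"start type of (\w+) service is set to \w+\. The default start type is \w+"), "non-default start type"),
    (re.compile(r"^Attention! (\w+) Tag value is missing"), "tag value missing"),
    (re.compile(r"^(Localhost) is blocked\."), "blocked"),
    (re.compile(r"^There is no connection to (network)\."), "no connection"),
]

def parse_fss(text):
    """Return the set of (section, subject, issue) findings in an FSS report."""
    findings, section = set(), None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        following = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Name:" line underlined with "=" characters.
        if line.endswith(":") and re.fullmatch(r"=+", following):
            section = line[:-1]
            continue
        for pattern, issue in RULES:
            match = pattern.search(line)
            if match:
                findings.add((section, match.group(1), issue))
    return findings

def compare(before, after):
    """Split findings into resolved, remaining and new between two reports."""
    b, a = parse_fss(before), parse_fss(after)
    return {"resolved": b - a, "remaining": b & a, "new": a - b}

def missing_service_keys(findings):
    """Services whose registry key is absent: the condition flagged in reply #9."""
    return sorted({s for _, s, issue in findings if issue == "service key missing"})

if __name__ == "__main__":
    for state, items in compare(BEFORE, AFTER).items():
        print(state, sorted(items))
```

On these excerpts the IpSec, Dhcp, Tcpip and connectivity findings fall under "resolved", while the wscsvc and wuauserv service keys remain missing.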

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:29 AM

Posted 08 January 2012 - 08:01 PM

Good news :)

Before we fix other issues, I need to see a couple more logs.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


 


#12 ghost0nthestage

ghost0nthestage
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:29 PM

Posted 08 January 2012 - 09:49 PM

Here are the txt files from the scans:

Security Check:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
avast! Free Antivirus
Norton AntiVirus
Norton Internet Security (Symantec Corporation)
Norton Internet Security
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 27
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````



MiniToolBox txt:

MiniToolBox by Farbar
Ran by Nick (administrator) on 08-01-2012 at 21:16:04
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Disconnected)
Broadcom 802.11g Network Adapter = Wireless Network Connection (Connected)
Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : NICKACER
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : rn.hr.cox.net

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : rn.hr.cox.net
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-1F-3A-54-8D-17
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Sunday, January 08, 2012 9:08:28 PM
Lease Expires . . . . . . . . . . : Sunday, January 15, 2012 9:08:28 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1D-72-22-9C-56

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.227.84, 74.125.227.80, 74.125.227.81, 74.125.227.82
74.125.227.83

Pinging google.com [74.125.227.83] with 32 bytes of data:

Reply from 74.125.227.83: bytes=32 time=60ms TTL=53
Reply from 74.125.227.83: bytes=32 time=62ms TTL=53

Ping statistics for 74.125.227.83:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 60ms, Maximum = 62ms, Average = 61ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149

Pinging yahoo.com [98.139.180.149] with 32 bytes of data:

Reply from 98.139.180.149: bytes=32 time=36ms TTL=54
Reply from 98.139.180.149: bytes=32 time=98ms TTL=54

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 98ms, Average = 67ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 1f 3a 54 8d 17 ...... Broadcom 802.11g Network Adapter
0x10004 ...00 1d 72 22 9c 56 ...... Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.46.27 169.254.46.27 20
169.254.0.0 255.255.0.0 192.168.0.101 192.168.0.101 20
169.254.46.27 255.255.255.255 127.0.0.1 127.0.0.1 10
169.254.255.255 255.255.255.255 169.254.46.27 169.254.46.27 10
192.168.0.0 255.255.255.0 192.168.0.101 192.168.0.101 25
192.168.0.101 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.101 192.168.0.101 25
224.0.0.0 240.0.0.0 169.254.46.27 169.254.46.27 10
224.0.0.0 240.0.0.0 192.168.0.101 192.168.0.101 25
255.255.255.255 255.255.255.255 169.254.46.27 169.254.46.27 1
255.255.255.255 255.255.255.255 192.168.0.101 192.168.0.101 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/08/2012 07:55:28 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/08/2012 07:55:28 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/08/2012 07:55:28 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/08/2012 07:55:21 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/08/2012 07:55:21 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/08/2012 07:55:18 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/08/2012 07:54:41 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/08/2012 07:54:41 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/08/2012 07:54:41 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/08/2012 05:32:39 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 1.1.4322.2463- eLockServ.exe - Common Language Runtime Debugging Services: Application has generated an exception that could not be handled.

Process id=0x8e4 (2276), Thread id=0x8e8 (2280).

Click OK to terminate the application.
Click CANCEL to debug the application.


System errors:
=============
Error: (01/07/2012 11:43:42 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (01/07/2012 11:43:42 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (01/07/2012 11:43:42 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (01/07/2012 11:36:59 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1460

Error: (01/07/2012 11:34:04 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/07/2012 11:34:04 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/07/2012 11:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/07/2012 11:32:33 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/07/2012 11:32:32 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/07/2012 11:32:32 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6425.1000)
7-Zip 9.20
Acer Bio-Protection fingerprint solution 3.0.1.1
Acer eDataSecurity Management (Version: 2.0.4086)
Acer eDataSecurity Management 2.0.4086 (Version: 2.0.4086)
Acer eLock Management (Version: 2.1.4003)
Acer Empowering Technology (Version: 2.03.4000)
Acer ePower Management (Version: 2.00.4001)
Acer ePresentation Management (Version: 2.00.4000)
Acer eSettings Management (Version: 2.03.4003)
Acer GridVista (Version: 2.68.614)
Acer ScreenSaver (Version: 2.11.20070525.1)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Flash Player 9 ActiveX (Version: 9)
Adobe Reader 7.0 (Version: 7.0.0)
AIM 7
AppCore (Version: 1)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1017)
ATI Catalyst Control Center (Version: 2.007.0731.2233)
ATI Display Driver (Version: 8.402-070731a-051922C-Acer)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.8.1)
AV (Version: 1)
avast! Free Antivirus (Version: 6.0.1289.0)
Battle.net
Bonjour (Version: 2.0.5.0)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497)
Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Czech (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Danish (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Dutch (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Finnish (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization French (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization German (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Greek (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Norwegian (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Russian (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Swedish (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497)
Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497)
ccc-core-preinstall (Version: 2007.0731.2234.38497)
ccc-core-static (Version: 2007.0731.2234.38497)
ccc-utility (Version: 2007.0731.2234.38497)
ccCommon (Version: 106.0.1.10)
Chromas Lite
Diablo
Download Updater (AOL LLC)
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (Version: 6.0.270)
Launch Manager
LightScribe 1.4.142.1 (Version: 1.4.142.1)
LiveUpdate 3.1 (Symantec Corporation) (Version: 3.1.0.99)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.1.2047.00)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Mozilla Firefox 4.0.1 (x86 en-US) (Version: 4.0.1)
MSRedist (Version: 1.0.0.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Norton AntiVirus (Version: 14.0.0.89)
Norton Confidential Browser Component (Version: 1.0.0.133)
Norton Confidential Web Protection Component (Version: 1.0.0.133)
Norton Internet Security (Symantec Corporation) (Version: 10.0.0.86)
Norton Internet Security (Version: 10.0.0)
Norton Internet Security (Version: 10.0.0.86)
Norton Protection Center (Version: 2007.1.0.118)
NTI Backup NOW! 4.7 (Version: 4)
NTI CD & DVD-Maker (Version: 7)
NTI Shadow (Version: 3.1.5.0)
O2Micro Flash Memory Card Reader Driver Installer(x86) (Version: 3.09)
PowerDVD (Version: 7.0.2802.f)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 5.10.0.5423)
SPBBC 32bit (Version: 3.0.1.10)
Symantec Real Time Storage Protection Component (Version: 10.0.0.115)
SymNet (Version: 7.0.0.170)
Symyx Draw (Version: 3.2)
Synaptics Pointing Device Driver (Version: 8.2.9.0)
VMware View Client (Version: 4.6.0.366101)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB885855 (Version: 20040930.104104)
Xvid Video Codec (Version: 1.3.2)
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 80%
Total physical RAM: 766.04 MB
Available physical RAM: 152.96 MB
Total Pagefile: 1872.65 MB
Available Pagefile: 1190.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.15 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:111.78 GB) (Free:91.61 GB) NTFS

========================= Users: ========================================

User accounts for \\NICKACER

Administrator ASPNET Guest
HelpAssistant Nick SUPPORT_388945a0


**** End of log ****


MalwareBytes txt:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.09.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Nick :: NICKACER [administrator]

1/8/2012 9:19:47 PM
mbam-log-2012-01-08 (21-19-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187790
Time elapsed: 10 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
c:\documents and settings\nick\local settings\temp\376.4997.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\nick\local settings\temp\kgi7okm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\nick\local settings\temp\kna0.21687214626117846.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\documents and settings\nick\local settings\temp\w6p7ix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\nick\local settings\temp\tue0.4652725125155125.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\nick\local settings\temp\oiu0.01931586148489106.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)


aswMBR txt:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-08 21:40:23
-----------------------------
21:40:23.453 OS Version: Windows 5.1.2600 Service Pack 2
21:40:23.453 Number of processors: 2 586 0x6802
21:40:23.453 ComputerName: NICKACER UserName: Nick
21:40:27.421 Initialize success
21:40:28.703 AVAST engine defs: 12010801
21:40:49.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:40:49.578 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC31P Size: 114473MB BusType: 3
21:40:49.640 Disk 0 MBR read successfully
21:40:49.656 Disk 0 MBR scan
21:40:49.656 Disk 0 Windows VISTA default MBR code
21:40:49.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
21:40:49.734 Disk 0 scanning sectors +234420480
21:40:49.812 Disk 0 scanning C:\WINDOWS\system32\drivers
21:41:10.968 Service scanning
21:41:11.609 Service .ipsec \* **LOCKED** 123
21:41:13.406 Modules scanning
21:41:31.093 Disk 0 trace - called modules:
21:41:31.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:41:31.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83f5eab8]
21:41:31.156 3 CLASSPNP.SYS[f75a305b] -> nt!IofCallDriver -> \Device\000000c4[0x83fcaf18]
21:41:31.156 5 ACPI.sys[f7369620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83fc9940]
21:41:31.765 AVAST engine scan C:\WINDOWS
21:41:47.078 AVAST engine scan C:\WINDOWS\system32
21:44:57.828 AVAST engine scan C:\WINDOWS\system32\drivers
21:45:07.656 AVAST engine scan C:\Documents and Settings\Nick
21:45:26.562 File: C:\Documents and Settings\Nick\Application Data\Sun\Java\Deployment\cache\6.0\2\31ee1782-544d4243 **INFECTED** Win32:MalOb-GR [Cryp]
21:46:50.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nick\Desktop\MBR.dat"
21:46:51.015 The log file has been saved successfully to "C:\Documents and Settings\Nick\Desktop\aswMBR txt.txt"


The MalwareBytes scan did locate 6 infected objects, which were removed.
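The "System errors" entries in the log above form a dependency chain: several services report that the TCP/IP Protocol Driver failed to start, and the TCP/IP Protocol Driver itself reports a nonexistent IPSec dependency. The sketch below is an added example, not part of the original post or of any tool used in this thread; it parses entries in that format and groups the blocked services under the missing one. The sample text is a constructed subset of the log, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the Service Control Manager entries from the
# "System errors" section of the log above, kept in the same format.
SAMPLE_LOG = """\
Error: (01/07/2012 11:43:42 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (01/07/2012 11:43:42 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (01/07/2012 11:36:59 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1460

Error: (01/07/2012 11:34:04 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/07/2012 11:34:04 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec
"""

# Win32 error codes that appear as %%N in these entries.
WIN32_ERRORS = {
    31: "ERROR_GEN_FAILURE",
    1075: "ERROR_SERVICE_DEPENDENCY_DELETED",
    1460: "ERROR_TIMEOUT",
}

MISSING = re.compile(r"^Description: The (.+?) service depends on the following nonexistent service: (\S+)")
DEPENDS = re.compile(r"^Description: The (.+?) service depends on the (.+?) service which failed to start")
SUBJECT = re.compile(r"^Description: The (.+?) service ")
CODE = re.compile(r"^%%(\d+)\s*$")


def parse(log):
    """Return (dependents, missing, codes) extracted from SCM error entries."""
    dependents = defaultdict(set)  # dependency -> services waiting on it
    missing = {}                   # service -> dependency that does not exist
    codes = defaultdict(set)       # service -> symbolic error names reported
    subject = None                 # service named by the current entry
    for line in log.splitlines():
        line = line.strip()
        if (m := MISSING.match(line)):
            subject = m.group(1)
            missing[subject] = m.group(2)
        elif (m := DEPENDS.match(line)):
            subject = m.group(1)
            dependents[m.group(2)].add(subject)
        elif (m := SUBJECT.match(line)):
            subject = m.group(1)
        elif (m := CODE.match(line)) and subject:
            n = int(m.group(1))
            codes[subject].add(WIN32_ERRORS.get(n, f"win32:{n}"))
        elif line.startswith("Error:"):
            subject = None  # a new entry begins; forget the previous service
    return dependents, missing, codes


def triage(log):
    """Map each nonexistent dependency to the service it breaks and all services blocked behind it."""
    dependents, missing, codes = parse(log)
    report = {}
    for broken, absent in missing.items():
        blocked, queue = set(), [broken]
        while queue:  # walk the dependency graph outward from the broken service
            for svc in dependents.get(queue.pop(), ()):
                if svc not in blocked:
                    blocked.add(svc)
                    queue.append(svc)
        report[absent] = {
            "broken": broken,
            "blocked": sorted(blocked),
            "codes": {svc: sorted(codes[svc]) for svc in sorted(blocked) if codes[svc]},
        }
    return report


if __name__ == "__main__":
    for absent, info in triage(SAMPLE_LOG).items():
        print(f"missing service {absent} -> {info['broken']} cannot start")
        for svc in info["blocked"]:
            print(f"  blocked: {svc} {info['codes'].get(svc, [])}")
```

Services that failed for an unrelated reason, such as the Computer Browser timeout in the sample, are deliberately left out of the blocked list.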

#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:29 AM

Posted 08 January 2012 - 10:10 PM

You're running two AV programs, Avast and Norton.
One of them has to go.
If Norton, use this uninstaller: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20080710133834EN&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb

Next...

Clear Java cache as described here: http://support.f-secure.com/enu/home/virusproblem/howtoclean/cleanjavacache.shtml
Post new aswMBR log.

Next...

We need to fix Security Center and Windows updates issues.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/



Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.

Go back to XP.zip package you downloaded previously.
Double-click legacy_wuauserv.reg and confirm the prompt.
Double-click legacy_wscsvc.reg and confirm the prompt.
Double-click wuauserv.reg and confirm the prompt.
Double-click wscsvc.reg and confirm the prompt.

Please go back to the Root key again and, while Everyone is selected, remove the check mark in the box under Allow next to Full Control, then close the registry.

Restart computer.
See if you can access Security Center and Windows updates.
Post new FSS log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#14 ghost0nthestage


Posted 08 January 2012 - 10:48 PM

I can access the Security Center and Windows Updates.

Here is the newest FSS txt:

Farbar Service Scanner
Ran by Nick (administrator) on 08-01-2012 at 22:48:05
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-04 22:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 22:00] - [2004-08-04 22:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 22:00] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 22:00] - [2004-08-04 22:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 22:00] - [2004-08-04 22:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 22:00] - [2004-08-04 22:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-04 22:00] - [2004-08-04 22:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-04 22:00] - [2004-08-04 22:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2004-08-04 22:00] - [2004-08-04 22:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2004-08-04 22:00] - [2004-08-04 22:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 22:00] - [2004-08-04 22:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-04 22:00] - [2004-08-04 22:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2004-08-04 22:00] - [2004-08-04 22:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2004-08-04 22:00] - [2004-08-04 22:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-04 22:00] - [2008-07-07 15:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 22:00] - [2004-08-04 22:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-04 22:00] - [2004-08-04 22:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 22:00] - [2009-02-09 05:01] - 0401408 ____A (Microsoft Corporation) 24B5D53B9ACCC1E2EDCF0A878D6659D4

C:\WINDOWS\system32\services.exe
[2004-08-04 22:00] - [2009-02-06 05:22] - 0110592 ____A (Microsoft Corporation) 4712531AB7A01B7EE059853CA17D39BD


Extra List:
=======
aswTdi(11) Gpc(7) IPSec(5) irda(9) NetBT(6) PSched(8) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000B0000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

#15 Broni


Posted 08 January 2012 - 11:01 PM

Very good :)

Did you?

You're running two AV programs, Avast and Norton.
One of them has to go.
If Norton, use this uninstaller: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=20080710133834EN&lg=english&ct=united+states&product=home&version=1&pvid=f-home&entsrc=redirect_pubweb

Next...

Clear Java cache as described here: http://support.f-secure.com/enu/home/virusproblem/howtoclean/cleanjavacache.shtml
Post new aswMBR log.


If so I need new aswMBR log.
