Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot Acquire Network Address


  • This topic is locked This topic is locked
9 replies to this topic

#1 wildzero

wildzero

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 12 September 2012 - 10:46 AM

Hello thanks for taking the time to help. Just yesterday out of nowhere my computer was unable to connect to the internet. I assume it is not a router issue since other computers can access the internet with no issue. Combined with abruptly slow startup on the PC, I figured I should send in the logs and have someone check it out. Thanks for your help!

(I tried to attach the Attach and Ark txt files but it said they were too big to attach. Let me know if you need them)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:18:11 PM, on 9/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Greg\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Greg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Greg\Application Data\Spotify\Data\SpotifyWebHelper.exe"
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://fpass.ed.gov
O15 - Trusted Zone: http://www.fpass.ed.gov
O16 - DPF: vzTCPConfig - http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://fpass.ed.gov/vdesk/cachecleaner.cab#version=7000,2010,1020,1401
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://fpass.ed.gov/vdesk/terminal/f5tunsrv.cab#version=7000,2011,104,2309
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://fpass.ed.gov/vdesk/terminal/InstallerControl.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://www.fpass.ed.gov/vdesk/terminal/f5InspectionHost.cab#version=7000,2010,1020,1407
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://fpass.ed.gov/vdesk/terminal/urxshost.cab#version=7000,2010,1020,1428
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://fpass.ed.gov/vdesk/terminal/urxhost.cab#version=7000,2011,124,911
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://www.fpass.ed.gov/policy/download_binary.php/win32/f5syschk.cab#Version=7000,2010,1020,1432
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8247 bytes




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Greg at 12:46:15 on 2012-09-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1621 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Greg\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Digital Line Detect\DLG.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
svchost.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\greg\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\documents and settings\greg\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{1ce60928-8325-49a8-8b06-633e48dd2b67}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: ed.gov\fpass
Trusted Zone: ed.gov\www.fpass
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - hxxps://fpass.ed.gov/vdesk/cachecleaner.cab#version=7000,2010,1020,1401
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://fpass.ed.gov/vdesk/terminal/f5tunsrv.cab#version=7000,2011,104,2309
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://fpass.ed.gov/vdesk/terminal/InstallerControl.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://www.fpass.ed.gov/vdesk/terminal/f5InspectionHost.cab#version=7000,2010,1020,1407
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://fpass.ed.gov/vdesk/terminal/urxshost.cab#version=7000,2010,1020,1428
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://fpass.ed.gov/vdesk/terminal/urxhost.cab#version=7000,2011,124,911
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://www.fpass.ed.gov/policy/download_binary.php/win32/f5syschk.cab#Version=7000,2010,1020,1432
TCP: Interfaces\{ADEA19D0-3DDC-4AD3-8E79-6D1DE60F0E0D} : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 10.0.0.34 sharepoint.XXX.com
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\greg\application data\mozilla\firefox\profiles\hig1dv12.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\greg\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\greg\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\greg\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-16 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-18 353688]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-18 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-18 44808]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2011-3-9 3857408]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\documents and settings\greg\desktop\emsisoftemergencykit\run\a2ddax86.sys --> c:\documents and settings\greg\desktop\emsisoftemergencykit\run\a2ddax86.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2011-11-25 45608]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
.
=============== Created Last 30 ================
.
2012-09-10 13:01:30 -------- d-----w- c:\windows\system32\LogFiles
.
==================== Find3M ====================
.
2012-08-21 18:27:32 404680 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 12:47:20.70 ===============

Edited by nasdaq, 15 September 2012 - 07:27 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 14 September 2012 - 10:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
Click Go and copy/paste the log (Result.txt) into your next post.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Please post the logs for my review.

#3 wildzero

wildzero
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 14 September 2012 - 07:45 PM

Thanks nasdaq

Note: One of the host files on my laptop has my company's name in it - I edited it out. If you need it, let me know.


MiniToolBox by Farbar Version: 23-07-2012
Ran by Greg (administrator) on 14-09-2012 at 20:32:12
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
10.0.0.34 sharepoint.<EDIT>.com
127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection (Disconnected)
1394 Net Adapter = 1394 Connection (Connected)
Dell Wireless 1395 WLAN Mini-Card = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : greglaptop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-16-44-AE-AD-A1

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

IP Address. . . . . . . . . . . . : fe80::216:44ff:feae:ada1%4

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 16 44 ae ad a1 ...... Dell Wireless 1395 WLAN Mini-Card
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 10003 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/14/2012 08:28:18 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (09/11/2012 11:49:20 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (09/11/2012 01:51:07 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (09/11/2012 00:33:48 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (09/11/2012 11:20:14 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (09/11/2012 01:06:20 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (09/11/2012 00:31:25 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (09/11/2012 00:25:33 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (09/10/2012 06:30:33 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module aswwebrepie.dll, version 7.0.1456.418, fault address 0x0004d9fb.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/10/2012 06:18:04 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)


System errors:
=============
Error: (09/14/2012 08:29:31 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

Error: (09/14/2012 08:29:31 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

Error: (09/14/2012 08:29:31 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/14/2012 08:29:31 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%10050

Error: (09/14/2012 08:29:31 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (09/14/2012 08:29:31 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the following nonexistent service: Afd

Error: (09/14/2012 08:29:31 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the following nonexistent service: Afd

Error: (09/12/2012 11:30:47 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

Error: (09/12/2012 11:28:47 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

Error: (09/11/2012 11:50:32 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd


Microsoft Office Sessions:
=========================
Error: (06/06/2012 10:09:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 53 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/17/2011 01:33:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/14/2011 04:53:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/14/2011 04:52:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/19/2011 08:02:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.


**** End of log ****



Farbar Service Scanner Version: 06-08-2012
Ran by Greg (administrator) on 14-09-2012 at 20:35:38
Running from "C:\Documents and Settings\Greg\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) DNE(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(10)
0x0A0000000500000001000000020000000300000004000000080000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

Edited by wildzero, 14 September 2012 - 07:49 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 15 September 2012 - 07:29 AM

FOR Windows XP USERS ONLY
Please download XP.zip file from here: http://www.smartestc...y-network-keys/
Unzip the file to a temporary folder your desktop.

These files will be extracted:
afd.reg
ipsec.reg
netbt.reg
wscsvc.reg
wuauserv.reg

legacy_afd.reg
legacy_ipsec.reg
legacy_netbt.reg
legacy_wscsvc.reg
legacy_wuauserv.reg

start_services.bat


Double-click each one of the 10 .reg files in turn and click Yes to add it to the Registry
Allow registry merge.
When the 10 file have been executed.
Restart computer and see if internet works.

#5 wildzero

wildzero
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 15 September 2012 - 12:12 PM

I received the following errors when trying to import the 5 "legacy_" entries:

"Cannot import C:\Documents and Settings\Greg\Desktop\temp\Legacy_netbt.reg: Not all data was successfully written to the registry. Some keys are open by the system or other processes."

"Cannot import C:\Documents and Settings\Greg\Desktop\temp\Legacy_wscsvc.reg: Error accessing the registry."

The other 5 entries and the batch file seemed to import with no issue. I restarted and the internet is now working. Computer is still running a little slow. And my IP address has definitly changed from what it used to be. That "fe80::216:44ff..." address is foreign to me, I've never seen it before.

One other issue popped up when the internet came back. I was notified that the Windows Firewall was disabled. I tried to re-enable through the security center and it would not do it, the pop-up suggested that I go through the control panel and reset it. I tried to access the firewall through the COntrol Panel and received the following error: "Due to an unidentied problem, Windows cannot display Windows Firewall settings"

Edited by wildzero, 15 September 2012 - 12:17 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 15 September 2012 - 01:29 PM

Go to this page and try the Resolution 1.

http://windowsxp.mvps.org/sharedaccess.htm

Keep me posted.

#7 wildzero

wildzero
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 15 September 2012 - 04:39 PM

Thanks nasdaq, that did the trick for the firewall. So, I assume a virus is to blame? Any signs in the logs of what caused this? And any idea why my IP address has changed?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 16 September 2012 - 07:58 AM

Good news.

As for your IP address it may have been changed when you have executed the MiniToolBox.
If all is well nothing to worry about. If you have any difficulties I would check my settings with my Internet Provider.
===

Lets continue the clean-up.

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#9 wildzero

wildzero
  • Topic Starter

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 16 September 2012 - 05:42 PM

Thanks nasdaq


# AdwCleaner v2.002 - Logfile created 09/16/2012 at 18:33:43
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Greg - GREGLAPTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Greg\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v3.6.28 (en-US)

Profile name : default
File : C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\hig1dv12.default\prefs.js

C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\hig1dv12.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2797 octets] - [16/09/2012 18:33:43]

########## EOF - C:\AdwCleaner[S1].txt - [2857 octets] ##########



Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.23 Flash Player out of Date!
Mozilla Firefox (3.6.28) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:45 PM

Posted 17 September 2012 - 07:31 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 31


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

After this update if these old versions are still showing delete the using the Add/Remove Programs applet.
Adobe Flash Player 10
Adobe Flash Player 10.3.183.23

===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users