Unable to connect to internet


  • This topic is locked
12 replies to this topic

#1 crojj42

  • Members

Posted 31 August 2014 - 01:59 PM

Hi. I have a windows desktop that has been unable to connect to the internet for about two years now since removal of malware. Every now and then I reopen the issue (have been to other forums as well) without success. I would like to try again. Do I restart with the same search/log?


#2 nasdaq

  • Malware Response Team

Posted 02 September 2014 - 09:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===


Click the StartBtn.gif button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If you have an internet connection run this tool.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#3 crojj42

  • Topic Starter

Posted 06 September 2014 - 04:59 AM

Hi. Where do I find the startbtn.gif button?

#4 nasdaq

  • Malware Response Team

Posted 06 September 2014 - 08:08 AM

Bottom of your Screen on the left.
The windows logo.

Or hold the Windows logo key on your keyboard and press the R key at the same time.

It should open the Run box.

#5 nasdaq

  • Malware Response Team

Posted 11 September 2014 - 09:09 AM

Are you still with me?

#6 crojj42

  • Topic Starter

Posted 14 September 2014 - 10:42 AM

Hi. So I tried running the config commands but was unsuccessful. The message I get is "config is not recognized as an internal or external command, operable program, or batch file."

Attached is the addition log and below is the frst log.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Heba (administrator) on DAHAB on 14-09-2014 11:28:48
Running from C:\Documents and Settings\Heba\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Salaat Time - www.salaattime.com) C:\Program Files\Salaat Time\SalaatTime.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
() C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
(Microsoft® Corporation) C:\Program Files\Microsoft Works\WkDStore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [144784 2008-06-10] (Sun Microsystems, Inc.)
HKLM\...\Run: [DVDLauncher] => C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)
HKLM\...\Run: [ISUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185896 2008-01-27] (RealNetworks, Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [172032 2006-01-13] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\.DEFAULT\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\...\Run: [updateMgr] => C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\...\Run: [SalaatTime] => C:\Program Files\Salaat Time\SalaatTime.exe [13443072 2007-08-26] (Salaat Time - www.salaattime.com)
HKU\S-1-5-21-3918639563-2636724751-2286751100-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: SnapFlash Class -> {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} -> C:\Program Files\Common Files\Justdo\Jd2002.dll (justDo Software)
BHO: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.bing.com/search?pc=Z160&form=ZGAADF&install_date=20111023&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF user.js: detected! => C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol305.dll (BrightStreet.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npsnapfish.dll ( )
FF SearchPlugin: C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\bing-zugo.xml
FF Extension: DownloadHelper - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-01-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-02-08]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2008-01-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-29]

Chrome:
=======
CHR CustomProfile: C:\Documents and Settings\Heba\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx []
CHR HKLM\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\Documents and Settings\All Users\Application Data\WeCareReminder\\wecarereminderro.crx [2011-07-08]
CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx [2011-07-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ADM8511; C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [20160 2001-08-17] (ADMtek Incorporated)
S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom Corporation)
R0 BlackBox; C:\WINDOWS\system32\Drivers\BlackBox.sys [35712 2011-10-01] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-17] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-17] (HP)
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] () [File not signed]
S3 KDZfiltr; C:\WINDOWS\System32\DRIVERS\KDZfiltr.sys [4864 2002-09-26] (MOTO Development Group) [File not signed]
R2 MASPINT; C:\WINDOWS\system32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1022040 2005-08-17] (SigmaTel, Inc.)
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
S3 AFGSp50; System32\Drivers\AFGSp50.sys [X]
S3 bvrp_pci; No ImagePath
S3 BW2NDIS5; System32\Drivers\BW2NDIS5.sys [X]
S3 catchme; \??\C:\DOCUME~1\Heba\LOCALS~1\Temp\catchme.sys [X]
S3 FINEPIX_PCC; System32\Drivers\V4CB011D.SYS [X]
S3 ialm; system32\DRIVERS\ialmnt5.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
S3 ZSMC301b; System32\Drivers\usbVM31b.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: EAWDMFD -> No Registry Path.
NETSVC: IPSECSHM -> No Registry Path.
NETSVC: oraclemtsrecoveryservice -> No Registry Path.
NETSVC: ss_mdfl -> No Registry Path.
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 11:28 - 2014-09-14 11:29 - 00016821 _____ () C:\Documents and Settings\Heba\Desktop\FRST.txt
2014-09-14 11:28 - 2014-09-14 11:28 - 00000000 ____D () C:\FRST
2014-09-14 11:28 - 2014-09-14 11:22 - 01097728 ____N (Farbar) C:\Documents and Settings\Heba\Desktop\FRST.exe
2014-09-07 21:42 - 2014-09-07 21:52 - 00000000 ____D () C:\Documents and Settings\Heba\My Documents\MarySummerReader2014
2014-08-19 13:07 - 2014-08-19 13:07 - 00000000 ____D () C:\Temp
2014-08-19 12:28 - 2014-08-19 12:56 - 00002457 _____ () C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
2014-08-19 12:24 - 2014-08-19 12:24 - 00000000 ____D () C:\Program Files\Hewlett-Packard

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 11:29 - 2014-09-14 11:28 - 00016821 _____ () C:\Documents and Settings\Heba\Desktop\FRST.txt
2014-09-14 11:29 - 2012-06-27 21:52 - 00000000 ____D () C:\Documents and Settings\Heba\Local Settings\temp
2014-09-14 11:28 - 2014-09-14 11:28 - 00000000 ____D () C:\FRST
2014-09-14 11:22 - 2014-09-14 11:28 - 01097728 ____N (Farbar) C:\Documents and Settings\Heba\Desktop\FRST.exe
2014-09-14 11:16 - 2008-06-14 22:24 - 00633926 _____ () C:\WINDOWS\setupapi.log
2014-09-14 11:16 - 2006-01-29 12:11 - 00004325 _____ () C:\WINDOWS\setupact.log
2014-09-13 15:33 - 2012-04-26 14:31 - 01047112 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-11 18:14 - 2005-08-16 06:35 - 00001591 _____ () C:\WINDOWS\wiadebug.log
2014-09-07 21:52 - 2014-09-07 21:42 - 00000000 ____D () C:\Documents and Settings\Heba\My Documents\MarySummerReader2014
2014-09-07 21:52 - 2006-02-02 21:28 - 00039312 _____ () C:\Documents and Settings\Heba\Application Data\wklnhst.dat
2014-09-07 21:36 - 2006-03-24 12:01 - 00203264 _____ () C:\Documents and Settings\Heba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-07 17:01 - 2014-01-25 14:51 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-09-07 15:33 - 2005-08-16 06:38 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-07 15:32 - 2005-08-16 06:35 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-09-07 15:29 - 2005-08-16 06:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-07 15:23 - 2006-02-01 23:07 - 00000178 ___SH () C:\Documents and Settings\Heba\ntuser.ini
2014-09-07 15:23 - 2005-08-16 06:49 - 00032282 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-07 15:17 - 2005-08-16 06:33 - 00524888 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-07 15:08 - 2006-08-02 13:25 - 00000000 ____D () C:\Documents and Settings\Heba\Desktop\Quran
2014-09-07 14:53 - 2006-10-28 16:59 - 00000774 _____ () C:\WINDOWS\cdplayer.ini
2014-09-07 14:17 - 2005-08-16 06:18 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-27 14:48 - 2011-09-01 00:33 - 00000731 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-08-27 14:48 - 2005-08-16 06:38 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-08-27 14:47 - 2005-08-16 06:18 - 00000663 _____ () C:\WINDOWS\win.ini
2014-08-19 13:07 - 2014-08-19 13:07 - 00000000 ____D () C:\Temp
2014-08-19 12:56 - 2014-08-19 12:28 - 00002457 _____ () C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
2014-08-19 12:54 - 2006-02-11 08:06 - 00005481 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-08-19 12:32 - 2011-09-01 00:28 - 00176316 _____ () C:\WINDOWS\hpwins19.dat
2014-08-19 12:31 - 2006-01-29 12:30 - 00000295 _____ () C:\WINDOWS\wininit.ini
2014-08-19 12:28 - 2011-10-02 14:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-08-19 12:27 - 2008-07-24 00:16 - 00000000 ____D () C:\Program Files\HP
2014-08-19 12:25 - 2005-08-16 06:22 - 00000000 ____D () C:\WINDOWS\twain_32
2014-08-19 12:24 - 2014-08-19 12:24 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-08-19 12:23 - 2011-09-01 00:29 - 00002650 _____ () C:\WINDOWS\MSI30-KB884016.log

Files to move or delete:
====================
C:\Documents and Settings\Heba\GoToAssist_chat2way__317_en.exe
C:\Documents and Settings\Heba\hpothb07.dat


Some content of TEMP:
====================
C:\Documents and Settings\Heba\Local Settings\temp\difxapi.dll
C:\Documents and Settings\Heba\Local Settings\temp\hpzmsi01.exe
C:\Documents and Settings\Heba\Local Settings\temp\hpzscr01.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


#7 nasdaq

  • Malware Response Team

Posted 14 September 2014 - 01:19 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
BHO: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
FF Keyword.URL: hxxp://www.bing.com/search?pc=Z160&form=ZGAADF&install_date=20111023&q=
FF user.js: detected! => C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\user.js
FF SearchPlugin: C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\bing-zugo.xml
CHR HKLM\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx []
CHR HKLM\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\Documents and Settings\All Users\Application Data\WeCareReminder\\wecarereminderro.crx [2011-07-08]
CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx [2011-07-08]
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
S3 AFGSp50; System32\Drivers\AFGSp50.sys [X]
S3 BW2NDIS5; System32\Drivers\BW2NDIS5.sys [X]
S3 catchme; \??\C:\DOCUME~1\Heba\LOCALS~1\Temp\catchme.sys [X]
S3 FINEPIX_PCC; System32\Drivers\V4CB011D.SYS [X]
S3 ialm; system32\DRIVERS\ialmnt5.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
S3 ZSMC301b; System32\Drivers\usbVM31b.sys [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?
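
An added example, not part of the original thread and not FRST's own code: a small Python triage pass over an FRST.txt log that collects the kinds of lines the fixlist above is built from, and checks that every fixlist entry was copied verbatim from the scan log of the same machine. The category names, the reading of `[X]` as "file not found on disk", and the rules themselves are assumptions of this example, not the helper's stated criteria. The embedded log is an excerpt of lines from the log posted above, and the `example.sys` fixlist line is constructed.

```python
import re

# Section banner, e.g. "==================== Drivers (Whitelisted) ===================="
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# Service/driver entry: "<state> <name>; <path> [size date] (company) [File not signed]"
# or "<state> <name>; <path> [X]".
SVC_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"(?:\[X\]|\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>.*?)\)"
    r"(?P<unsigned> \[File not signed\])?)$"
)

def parse_sections(log_text):
    """Map section title -> entry lines, skipping blank lines and FRST's hint lines."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group("title"), [])
        elif line and current is not None:
            if line.startswith("(") and line.endswith(".)"):
                continue  # "(If an entry is included in the fixlist, ...)"
            current.append(line)
    return sections

def triage(log_text):
    """Return (category, line) pairs worth a human look. Heuristics are this example's own."""
    findings = []
    for title, lines in parse_sections(log_text).items():
        for line in lines:
            if "<==== ATTENTION" in line:
                findings.append(("frst-attention", line))  # marker emitted by FRST itself
            if title.startswith(("Services", "Drivers")):
                m = SVC_RE.match(line)
                if not m:
                    continue  # e.g. "No ImagePath" entries
                if line.endswith("[X]"):
                    findings.append(("missing-file", line))  # registry entry, no file
                elif m.group("unsigned") and m.group("company") == "":
                    findings.append(("unsigned-no-publisher", line))
            elif title.startswith("NetSvcs") and line.endswith("No Registry Path."):
                findings.append(("netsvc-orphan", line))
    return findings

def fixlist_entries(fixlist_text):
    """Fixlist lines without the start/End delimiters used in the thread."""
    lines = [l.strip() for l in fixlist_text.splitlines() if l.strip()]
    return [l for l in lines if l.lower() not in ("start", "end")]

def entries_not_in_log(fixlist_text, log_text):
    """Fixlist entries with no verbatim match in the log: review before running a fix."""
    log_lines = {l.strip() for l in log_text.splitlines()}
    return [e for e in fixlist_entries(fixlist_text) if e not in log_lines]

# Excerpt of the log posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!

==================== Drivers (Whitelisted) ====================

S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom Corporation)
R0 BlackBox; C:\WINDOWS\system32\Drivers\BlackBox.sys [35712 2011-10-01] () [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] () [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 bvrp_pci; No ImagePath
S3 catchme; \??\C:\DOCUME~1\Heba\LOCALS~1\Temp\catchme.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: IPSECSHM -> No Registry Path.
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== End Of Log ============================
"""

# Two lines from the thread's fixlist plus one constructed line that is NOT in the log.
SAMPLE_FIXLIST = r"""
start
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
S3 catchme; \??\C:\DOCUME~1\Heba\LOCALS~1\Temp\catchme.sys [X]
S3 example; system32\DRIVERS\example.sys [X]
End
"""

if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"{category:22} {line}")
    for entry in entries_not_in_log(SAMPLE_FIXLIST, SAMPLE_LOG):
        print("not in this machine's log:", entry)
```

A finding here is a prompt for review, not a verdict: an unsigned driver with an empty publisher field can be legitimate, and a fixlist may carry directives that never appear in a log.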

#8 crojj42

  • Topic Starter

Posted 14 September 2014 - 09:14 PM

Hi. I did everything as stated, but when I try to install my netgear wireless adapter, it is not recognized by the computer. No network connection gets recognized. Months ago, I had the desktop directly connected to the modem, yet it displayed and functioned like there was no connection. Everything had been fine prior to massive virus/malware infection and cleanup. When the computer wouldn't recognize the direct connection, I added a router but had the exact same issue. Then I moved the modem elsewhere and bought the netgear wireless adapter, but as I stated it is not even recognized although it lights up appropriately. Below are the requested logs.

Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Heba at 2014-09-14 17:34:12 Run:1
Running from C:\Documents and Settings\Heba\Desktop\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
BHO: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
FF Keyword.URL: hxxp://www.bing.com/search?pc=Z160&form=ZGAADF&install_date=20111023&q=
FF user.js: detected! => C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\user.js
FF SearchPlugin: C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\bing-zugo.xml
CHR HKLM\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx []
CHR HKLM\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\Documents and Settings\All Users\Application Data\WeCareReminder\\wecarereminderro.crx [2011-07-08]
CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx [2011-07-08]
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
S3 AFGSp50; System32\Drivers\AFGSp50.sys [X]
S3 BW2NDIS5; System32\Drivers\BW2NDIS5.sys [X]
S3 catchme; \??\C:\DOCUME~1\Heba\LOCALS~1\Temp\catchme.sys [X]
S3 FINEPIX_PCC; System32\Drivers\V4CB011D.SYS [X]
S3 ialm; system32\DRIVERS\ialmnt5.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
S3 ZSMC301b; System32\Drivers\usbVM31b.sys [X]

End

*****************

HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}" => Key deleted successfully.
"HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\user.js => Moved successfully.
C:\Documents and Settings\Heba\Application Data\Mozilla\Firefox\Profiles\jxcs0yxa.default\searchplugins\bing-zugo.xml => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje" => Key deleted successfully.
"C:\Program Files\DealPly\DealPly.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon" => Key deleted successfully.
Could not move "C:\Documents and Settings\All Users\Application Data\WeCareReminder\\wecarereminderro.crx" => Scheduled to move on reboot.
"HKCU\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje" => Key deleted successfully.
"C:\Program Files\DealPly\DealPly.crx" => File/Directory not found.
AFGMp50 => Service deleted successfully.
AFGSp50 => Service deleted successfully.
BW2NDIS5 => Service deleted successfully.
catchme => Service deleted successfully.
FINEPIX_PCC => Service deleted successfully.
ialm => Service deleted successfully.
Lavasoft Kernexplorer => Service deleted successfully.
mdmxsdk => Service deleted successfully.
PalmUSBD => Service deleted successfully.
wanatw => Service deleted successfully.
ZSMC301b => Service deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-14 17:35:03)<=

C:\Documents and Settings\All Users\Application Data\WeCareReminder\\wecarereminderro.crx => Is moved successfully.

==== End of Fixlog ====


Checkup:
Results of screen317's Security Check version 0.99.87
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#9 nasdaq

Posted 15 September 2014 - 07:48 AM

What is the model number of your new Netgear wireless adapter?

The XP Operating System on the computer might not support the Plug & Play feature.

You can check with them.
http://support.netgear.com/for_home/

#10 crojj42

Posted 15 September 2014 - 09:04 AM

Hi. The Netgear adapter model is WNA3100. I checked the FAQ on the website you linked, and it is supposed to work with Windows XP so long as Service Pack 2 is installed. My system is up to Service Pack 3. Plus I have been using the CD for installation. I haven't had any problems with plug and play devices before.

#11 nasdaq

Posted 15 September 2014 - 10:55 AM


Refer to this Microsoft page.
https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/pnp_driver_support.mspx?mfr=true

It may just be that you need the latest driver.

===

If that fails to solve your problem, I suggest you check with the Networking forum http://www.bleepingcomputer.com/forums/forum21.html
and see if someone with more experience in that field can help.

This is not my forte.

#12 crojj42

Posted 15 September 2014 - 11:20 AM

Hi. Thank you. I will take this to the network forum and see what can be done about it.

#13 nasdaq

Posted 21 September 2014 - 06:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



