Computer connecting to network fine but will not connect to internet



#1 luvscoco

luvscoco

  • Members

Posted 25 September 2016 - 08:15 AM

I have a friend's Win XP computer that they desperately need for an expensive program on it that only runs in Win XP.

I started out in the Win XP forum because I thought it was a problem with the Winsock in the network part of Win XP. Through doing some problem solving with help there, it is now narrowed down to something in software that is stopping the computer from connecting to the internet.

The LAN adapter and wifi work fine; they connect to the network but they do not go out to the internet.

I don't have a proxy running.

I did do a reset of the Winsock... no luck.

If I do a ping it won't get out to the server and fails.

I can't use any browser. I tried 3 and none work. I get page not displayed.

Through some help here we discovered that in safe mode I can connect to the internet, but at this point we are stuck. I am not sure if anyone here in the malware forum can help, but I am really hoping to get this computer connecting again without reinstalling Windows XP.

Thank you in advance for your help

 




 


#2 shelf life

shelf life

  • Malware Response Team

Posted 25 September 2016 - 08:47 AM

Well, if you can connect in safe mode but not normally, then that should point to some software or driver conflict.

VPN installed or third-party firewall? What about AV that might have a firewall? You can post a FRST log that may provide some clues:

 

See Step 6 on how to generate a FRST log:

 

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


How Can I Reduce My Risk to Malware?


#3 luvscoco

luvscoco
  • Topic Starter

  • Members

Posted 25 September 2016 - 08:56 AM

ok here is a post of frst log

 

I hope this helps

Attached Files



#4 shelf life

shelf life

  • Malware Response Team

Posted 25 September 2016 - 09:43 AM

ok I see all these:

 

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
AV: COMODO Antivirus (Enabled - Up to date) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: IObit Malware Fighter (Disabled - Out of date) {0ED16AC2-4656-4907-BD42-21EA693640D6}
AV: avast! Antivirus (Enabled - Out of date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: AVG Internet Security 2015 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

 

I know some are disabled, but I would uninstall them via the Add/Remove Programs panel. Only need one AV on a machine. Pick one AV to keep and uninstall the rest. Also, for now I would uninstall the COMODO FW even if it's disabled. After the uninstall, reboot the machine.

Uninstall this also: Driver Booster. Anything that has boost in the title is not worth having, free or otherwise.

Also, we will use a FRST script to remove some items. Will post back soon.




#5 luvscoco

luvscoco
  • Topic Starter

  • Members

Posted 25 September 2016 - 09:56 AM

Yes, that makes total sense, but none of those are listed in Add/Remove Programs, so I can't do any more to uninstall them.

I did use Revo Uninstaller to get rid of them, I thought.

I am unsure of how to remove them at this point.

Also, the same is true about Driver Booster; I can't remove it any more than I have either.



#6 shelf life

shelf life

  • Malware Response Team

Posted 25 September 2016 - 10:46 AM

So you don't see them in the Add/Remove Programs panel? Do you see any of them in the programs list (Start > Programs)? What AV is in use? You should see the icon by the system clock.

We will use FRST. Run the fix below in normal mode, not safe mode.

Copy what's below into Notepad and save it as fixlist.txt. Save it in the same location you have FRST installed. Start FRST like before, except this time click on the Fix button once. The machine will reboot to finish the removal process. Upon reboot it will display a new log called fixlog.txt, which you can copy/paste in your reply.

May not be back online for several hours.

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1993962763-1532298954-839522115-1003 -> {29c5f355-0907-4719-9f15-30ff0459607f} URL = 
SearchScopes: HKU\S-1-5-21-1993962763-1532298954-839522115-1003 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
Toolbar: HKLM - No Name - {2E5E800E-6AC0-411E-940A-369530A35E43} -  No File
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 [133]
NETSVC: MHN -> C:\Windows\System32\mhn.dll
cmd: netsh winsock reset
Empty Temp:




#7 luvscoco

luvscoco
  • Topic Starter

  • Members

Posted 25 September 2016 - 10:58 AM

here are the results of the fix

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 24-09-2016 02
Ran by Philips (25-09-2016 08:54:24) Run:1
Running from C:\Documents and Settings\Philips\Desktop
Loaded Profiles: Philips (Available Profiles: Philips & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1993962763-1532298954-839522115-1003 -> {29c5f355-0907-4719-9f15-30ff0459607f} URL =
SearchScopes: HKU\S-1-5-21-1993962763-1532298954-839522115-1003 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
Toolbar: HKLM - No Name - {2E5E800E-6AC0-411E-940A-369530A35E43} -  No File
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 [133]
NETSVC: MHN -> C:\Windows\System32\mhn.dll
cmd: netsh winsock reset
Empty Temp:
*****************

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-1993962763-1532298954-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{29c5f355-0907-4719-9f15-30ff0459607f}" => key removed successfully.
HKCR\CLSID\{29c5f355-0907-4719-9f15-30ff0459607f} => key not found.
"HKU\S-1-5-21-1993962763-1532298954-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => key removed successfully.
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2E5E800E-6AC0-411E-940A-369530A35E43} => value removed successfully.
HKCR\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value removed successfully.
HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully..
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs MHN => value removed successfully.

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 79698 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 51016 B
Java, Flash, Steam htmlcache => 6718669 B
Windows/system/dllcache/drivers => 330142 B
Edge => 0 B
Chrome => 1640960 B
Firefox => 85296406 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default User => 66164 B
All Users => 0 B
systemprofile => 518713084 B
LocalService => 13218440 B
NetworkService => 330837723 B
Philips => 12296887 B
Administrator => 4239190 B

RecycleBin => 125008546 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:54:53 ====



#8 shelf life

shelf life

  • Malware Response Team

Posted 25 September 2016 - 02:11 PM

So you don't see any of those AV in the Add/Remove Programs panel?

Do you see any of them in the programs list (Start > Programs)? What AV is in use? You should see the icon by the system clock.




#9 luvscoco

luvscoco
  • Topic Starter

  • Members

Posted 25 September 2016 - 02:41 PM

I uninstalled Avast, which was in use, just until I get this connection problem fixed, so no antivirus is being used right now.

No, none of those antiviruses are listed in programs either, and nothing is in the lower right by the system clock because I uninstalled Avast.



#10 shelf life

shelf life

  • Malware Response Team

Posted 25 September 2016 - 05:00 PM

Take a look in Device Manager and see if this device is enabled. If not, enable it, reboot and see if that helps.

 

Intel® PRO/Wireless 3945ABG Network Connection
Description: Intel® PRO/Wireless 3945ABG Network Connection
Manufacturer: Intel Corporation




#11 luvscoco

luvscoco
  • Topic Starter

  • Members

Posted 25 September 2016 - 05:15 PM

I had it disabled to get the LAN working and then work on that, but I re-enabled it and it is connected to the network.

It just doesn't get out to the internet. Webpages won't display, and when I try a ping it doesn't get to the server.



#12 shelf life

shelf life

  • Malware Response Team

Posted 25 September 2016 - 07:29 PM

Haven't seen an XP machine in a while, but you can try resetting the Windows Firewall back to its defaults:

Type firewall.cpl in the Start, Run dialog window.

Click the Advanced tab.

Click the Restore Defaults button.

Click Yes to continue.

Or from a cmd prompt you could type: netsh firewall reset

to do the same thing.




#13 luvscoco

luvscoco
  • Topic Starter

  • Members

Posted 25 September 2016 - 07:59 PM

ok I did that and even turned off the firewall

 

did a restart but no change



#14 shelf life

shelf life

  • Malware Response Team

Posted 26 September 2016 - 06:21 PM

We will use FRST again like before to remove some items, so just like you did last time: copy/paste what's below into Notepad and save it. Open FRST and click the Fix button. The machine will reboot. Post the log.

Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\Windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\Windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\Windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\Windows\Tasks\Open Chrome.job => C:\DOCUME~1\Philips\LOCALS~1\APPLIC~1\Google\Chrome\Application\chrome.exeátoolbar.avg.com/
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-04-25] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-04-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-04-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-04-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-04-25] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-04-25] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-04-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-04-25] (AVAST Software)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17416 2016-04-06] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [637480 2016-04-06] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [31704 2016-04-06] (COMODO)
C:\Windows\System32\DRIVERS\avckf.sys
C:\Windows\System32\DRIVERS\avchv.sys
C:\Windows\System32\DRIVERS\avc3.sys
C:\Windows\System32\DRIVERS\cmderd.sys
C:\Windows\System32\DRIVERS\cmdguard.sys
2014-05-24 08:18 - 2014-05-24 08:18 - 11211264 ____C (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2015-06-30 17:16 - 2016-05-04 20:14 - 0000000 ____C () C:\Documents and Settings\Philips\Application Data\rightsCheck_1.txt
2012-01-12 08:29 - 2012-01-12 08:29 - 0000022 __SHC () C:\Documents and Settings\Philips\Application Data\Sys2662.Config.Repository.bin
2010-08-05 09:54 - 2010-08-05 09:54 - 0000000 ____C () C:\Documents and Settings\Philips\Application Data\wklnhst.dat
2011-04-10 22:21 - 2012-09-15 11:46 - 0007680 ____C () C:\Documents and Settings\Philips\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-22 05:44 - 2012-06-22 05:44 - 0033758 ____C () C:\Documents and Settings\Philips\Local Settings\Application Data\dt.dat
2010-08-03 22:25 - 2010-08-03 22:25 - 0000130 ____C () C:\Documents and Settings\Philips\Local Settings\Application Data\fusioncache.dat
2014-03-28 11:49 - 2014-03-28 11:49 - 0044917 ____C () C:\Documents and Settings\All Users\Application Data\1396032561.bdinstall.bin
2014-03-28 12:23 - 2014-03-28 12:23 - 0044794 ____C () C:\Documents and Settings\All Users\Application Data\1396032970.bdinstall.bin
2014-03-28 12:35 - 2014-03-28 12:35 - 0043409 ____C () C:\Documents and Settings\All Users\Application Data\1396035322.204.bin
2014-03-28 12:35 - 2014-03-28 12:35 - 0002052 ____C () C:\Documents and Settings\All Users\Application Data\1396035322.2092.bin
2014-03-28 12:35 - 2014-03-28 12:35 - 0001267 ____C () C:\Documents and Settings\All Users\Application Data\1396035322.3164.bin
2014-03-29 07:25 - 2014-03-29 07:25 - 0199768 ____C () C:\Documents and Settings\All Users\Application Data\1396102935.bdinstall.bin
2014-04-09 12:18 - 2014-04-09 12:18 - 0037176 ____C () C:\Documents and Settings\All Users\Application Data\1397071047.bdinstall.bin
2014-04-09 12:20 - 2014-04-09 12:20 - 0058803 ____C () C:\Documents and Settings\All Users\Application Data\1397071096.bdinstall.bin
2010-08-05 05:59 - 2010-08-05 05:59 - 0000004 ___HC () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
C:\Windows\System32\DRIVERS\cmdhlp.sys
2016-09-24 18:56 - 2016-04-21 18:56 - 00000440 _____ C:\Windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2016-09-24 18:56 - 2016-04-21 18:56 - 00000440 _____ C:\Windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2016-09-24 12:59 - 2012-02-04 07:07 - 00000000 ____D C:\Program Files\IObit
C:\Documents and Settings\Philips\sqlite3.dll
CHR HKU\S-1-5-21-1993962763-1532298954-839522115-1003\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com

There is a way in XP to perform a clean boot. It will load only minimal drivers and startup items needed to boot the machine. It's a troubleshooting tool that may help to pinpoint the problem. I will try to find some good links to follow. You can try that if you want.

 




#15 luvscoco

luvscoco
  • Topic Starter

  • Members

Posted 26 September 2016 - 08:31 PM

ok here is the run of that fix

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 24-09-2016 02
Ran by Philips (26-09-2016 18:25:32) Run:2
Running from C:\Documents and Settings\Philips\Desktop
Loaded Profiles: Philips (Available Profiles: Philips & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft
Corporation)
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\Windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\Windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\Windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\Windows\Tasks\Open Chrome.job => C:\DOCUME~1\Philips\LOCALS~1\APPLIC~1\Google\Chrome\Application\chrome.exeátoolbar.avg.com/
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
C:\Program
Files\IObit\LiveUpdate\LiveUpdate.exe
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-04-25] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-04-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-04-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-04-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-04-25] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [187208 2016-04-25] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67216 2016-04-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221368 2016-04-25] (AVAST Software)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17]
(BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17416 2016-04-06] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [637480 2016-04-06] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [31704 2016-04-06] (COMODO)
C:\Windows\System32\DRIVERS\avckf.sys
C:\Windows\System32\DRIVERS\avchv.sys
C:\Windows\System32\DRIVERS\avc3.sys
C:\Windows\System32\DRIVERS\cmderd.sys
C:\Windows\System32\DRIVERS\cmdguard.sys
2014-05-24 08:18 - 2014-05-24 08:18 - 11211264 ____C (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2015-06-30 17:16 - 2016-05-04 20:14 - 0000000 ____C () C:\Documents and Settings\Philips\Application Data\rightsCheck_1.txt
2012-01-12 08:29 - 2012-01-12 08:29 - 0000022 __SHC () C:\Documents and Settings\Philips\Application Data\Sys2662.Config.Repository.bin
2010-08-05
09:54 - 2010-08-05 09:54 - 0000000 ____C () C:\Documents and Settings\Philips\Application Data\wklnhst.dat
2011-04-10 22:21 - 2012-09-15 11:46 - 0007680 ____C () C:\Documents and Settings\Philips\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-22 05:44 - 2012-06-22 05:44 - 0033758 ____C () C:\Documents and Settings\Philips\Local Settings\Application Data\dt.dat
2010-08-03 22:25 - 2010-08-03 22:25 - 0000130 ____C () C:\Documents and Settings\Philips\Local Settings\Application Data\fusioncache.dat
2014-03-28 11:49 - 2014-03-28 11:49 - 0044917 ____C () C:\Documents and Settings\All Users\Application Data\1396032561.bdinstall.bin
2014-03-28 12:23 - 2014-03-28 12:23 - 0044794 ____C () C:\Documents and Settings\All Users\Application Data\1396032970.bdinstall.bin
2014-03-28 12:35 - 2014-03-28 12:35 - 0043409 ____C () C:\Documents and Settings\All Users\Application Data\1396035322.204.bin
2014-03-28 12:35 - 2014-03-28 12:35 - 0002052 ____C ()
C:\Documents and Settings\All Users\Application Data\1396035322.2092.bin
2014-03-28 12:35 - 2014-03-28 12:35 - 0001267 ____C () C:\Documents and Settings\All Users\Application Data\1396035322.3164.bin
2014-03-29 07:25 - 2014-03-29 07:25 - 0199768 ____C () C:\Documents and Settings\All Users\Application Data\1396102935.bdinstall.bin
2014-04-09 12:18 - 2014-04-09 12:18 - 0037176 ____C () C:\Documents and Settings\All Users\Application Data\1397071047.bdinstall.bin
2014-04-09 12:20 - 2014-04-09 12:20 - 0058803 ____C () C:\Documents and Settings\All Users\Application Data\1397071096.bdinstall.bin
2010-08-05 05:59 - 2010-08-05 05:59 - 0000004 ___HC () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
C:\Windows\System32\DRIVERS\cmdhlp.sys
2016-09-24 18:56 - 2016-04-21 18:56 - 00000440 _____ C:\Windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2016-09-24 18:56 - 2016-04-21 18:56 - 00000440 _____ C:\Windows\Tasks\COMODO Signature Update
{B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2016-09-24 12:59 - 2012-02-04 07:07 - 00000000 ____D C:\Program Files\IObit
C:\Documents and Settings\Philips\sqlite3.dll
CHR HKU\S-1-5-21-1993962763-1532298954-839522115-1003\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
*****************

Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft => Error: No automatic fix found for this entry.
Corporation) => Error: No automatic fix found for this entry.
C:\Windows\Tasks\avast! Emergency Update.job => not found.
C:\Windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => moved successfully
C:\Windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => moved successfully
C:\Windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => moved successfully
C:\Windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => moved successfully
C:\Windows\Tasks\Open Chrome.job => moved successfully
LiveUpdateSvc => service removed successfully.
"C:\Program" => not found.
Files\IObit\LiveUpdate\LiveUpdate.exe => Error: No automatic fix found for this entry.
aswHwid => service not found.
aswKbd => service not found.
aswMonFlt => service not found.
aswRdr => service not found.
aswRvrt => service not found.
aswSnx => service not found.
aswSP => service not found.
aswStmXP => service not found.
aswTdi => service not found.
aswVmm => service not found.
avc3 => Unable to stop service.
avc3 => service removed successfully.
(BitDefender) => Error: No automatic fix found for this entry.
avchv => Unable to stop service.
avchv => service removed successfully.
avckf => service removed successfully.
cmderd => Unable to stop service.
cmderd => service removed successfully.
cmdGuard => Unable to stop service.
cmdGuard => service removed successfully.
cmdHlp => Unable to stop service.
cmdHlp => service removed successfully.
C:\Windows\System32\DRIVERS\avckf.sys => moved successfully
C:\Windows\System32\DRIVERS\avchv.sys => moved successfully
C:\Windows\System32\DRIVERS\avc3.sys => moved successfully
C:\Windows\System32\DRIVERS\cmderd.sys => moved successfully
C:\Windows\System32\DRIVERS\cmdguard.sys => moved successfully
C:\Program Files\Common Files\lpuninstall.exe => moved successfully
C:\Documents and Settings\Philips\Application Data\rightsCheck_1.txt => moved successfully
C:\Documents and Settings\Philips\Application Data\Sys2662.Config.Repository.bin => moved successfully
2010-08-05 => Error: No automatic fix found for this entry.
09:54 - 2010-08-05 09:54 - 0000000 ____C () C:\Documents and Settings\Philips\Application Data\wklnhst.dat => Error: No automatic fix found for this entry.
C:\Documents and Settings\Philips\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Documents and Settings\Philips\Local Settings\Application Data\dt.dat => moved successfully
C:\Documents and Settings\Philips\Local Settings\Application Data\fusioncache.dat => moved successfully
C:\Documents and Settings\All Users\Application Data\1396032561.bdinstall.bin => moved successfully
C:\Documents and Settings\All Users\Application Data\1396032970.bdinstall.bin => moved successfully
C:\Documents and Settings\All Users\Application Data\1396035322.204.bin => moved successfully
"2014-03-28 12:35 - 2014-03-28 12:35 - 0002052 ____C ()" => not found.
C:\Documents and Settings\All Users\Application Data\1396035322.2092.bin => moved successfully
C:\Documents and Settings\All Users\Application Data\1396035322.3164.bin => moved successfully
C:\Documents and Settings\All Users\Application Data\1396102935.bdinstall.bin => moved successfully
C:\Documents and Settings\All Users\Application Data\1397071047.bdinstall.bin => moved successfully
C:\Documents and Settings\All Users\Application Data\1397071096.bdinstall.bin => moved successfully
Could not move "C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare" => Scheduled to move on reboot.
C:\Windows\System32\DRIVERS\cmdhlp.sys => moved successfully
"C:\Windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job" => not found.
"C:\Windows\Tasks\COMODO Signature Update" => not found.
{B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => Error: No automatic fix found for this entry.
C:\Program Files\IObit => moved successfully
C:\Documents and Settings\Philips\sqlite3.dll => moved successfully
"HKU\S-1-5-21-1993962763-1532298954-839522115-1003\SOFTWARE\Policies\Google" => key removed successfully.
Chrome HomePage => removed successfully.
Chrome DefaultSearchURL => removed successfully.
Chrome DefaultSearchKeyword => removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-09-2016 18:28:46)

"C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare" => Could not move

==== End of Fixlog 18:28:46 ====
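
In the Run:2 fixlog above, several entries appear split across two lines in the echoed "fixlist content" block (for example `C:\Program` / `Files\IObit\LiveUpdate\LiveUpdate.exe`), and each half then receives its own result line. The Python sketch below is an added example, not part of the thread and not FRST's own code: it compares a fixlist as written with the copy echoed in the fixlog and reports which entries were split and what result each fragment got. The function names, the `MAX_PIECES` limit and the shortened sample (excerpted from the posts above) are assumptions made for the illustration.

```python
from __future__ import annotations

# Excerpt of the second fixlist as the helper posted it (taken from the thread).
INTENDED_FIXLIST = r'''
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
2010-08-05 09:54 - 2010-08-05 09:54 - 0000000 ____C () C:\Documents and Settings\Philips\Application Data\wklnhst.dat
C:\Windows\System32\DRIVERS\cmdhlp.sys
'''

# Shortened sample built from the Run:2 fixlog: echoed fixlist, then results.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
C:\Program
Files\IObit\LiveUpdate\LiveUpdate.exe
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17]
(BitDefender)
2010-08-05
09:54 - 2010-08-05 09:54 - 0000000 ____C () C:\Documents and Settings\Philips\Application Data\wklnhst.dat
C:\Windows\System32\DRIVERS\cmdhlp.sys
*****************

LiveUpdateSvc => service removed successfully.
"C:\Program" => not found.
Files\IObit\LiveUpdate\LiveUpdate.exe => Error: No automatic fix found for this entry.
avc3 => Unable to stop service.
avc3 => service removed successfully.
(BitDefender) => Error: No automatic fix found for this entry.
2010-08-05 => Error: No automatic fix found for this entry.
09:54 - 2010-08-05 09:54 - 0000000 ____C () C:\Documents and Settings\Philips\Application Data\wklnhst.dat => Error: No automatic fix found for this entry.
C:\Windows\System32\DRIVERS\cmdhlp.sys => moved successfully
'''

MAX_PIECES = 4  # assumption: one entry is split into at most this many lines


def _clean(text):
    """Non-empty lines with surrounding whitespace removed."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def split_fixlog(fixlog):
    """Return (echoed fixlist lines, result lines), using the asterisk rulers."""
    lines = _clean(fixlog)
    rulers = [i for i, ln in enumerate(lines) if set(ln) == {"*"}]
    if len(rulers) < 2:
        raise ValueError("no 'fixlist content' block delimited by asterisk lines")
    return lines[rulers[0] + 1:rulers[1]], lines[rulers[1] + 1:]


def result_map(result_lines):
    """Map each result entry (surrounding quotes stripped) to its logged statuses."""
    results = {}
    for ln in result_lines:
        entry, sep, status = ln.rpartition(" => ")
        if sep:
            results.setdefault(entry.strip('"'), []).append(status)
    return results


def audit(intended_text, fixlog_text):
    """List echoed lines that differ from the intended fixlist.

    Consecutive echoed lines that rejoin (with one space) into an intended
    entry are reported as one split entry; anything else gets intended=None.
    """
    wanted = set(_clean(intended_text))
    echoed, result_lines = split_fixlog(fixlog_text)
    results = result_map(result_lines)
    findings, i = [], 0
    while i < len(echoed):
        if echoed[i] in wanted:          # entry arrived intact
            i += 1
            continue
        for n in range(2, MAX_PIECES + 1):
            pieces = echoed[i:i + n]
            joined = " ".join(pieces)
            if len(pieces) == n and joined in wanted:
                break                    # these n lines are one split entry
        else:
            pieces, joined = [echoed[i]], None
        outcomes = ["; ".join(results[p]) if p in results else None for p in pieces]
        findings.append({"intended": joined, "fragments": pieces, "outcomes": outcomes})
        i += len(pieces)
    return findings


if __name__ == "__main__":
    for row in audit(INTENDED_FIXLIST, SAMPLE_FIXLOG):
        print("SPLIT ENTRY:", row["intended"])
        for frag, outcome in zip(row["fragments"], row["outcomes"]):
            print("   ", repr(frag), "->", outcome)
```

An entry whose fragments all end in "Error: No automatic fix found for this entry", such as the wklnhst.dat line, was not acted on in that run.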





