Not able to Access sites anymore and will not load


Re: Not able to Access sites anymore and will not load

Post by Lynangeel on 29th April 2013, 12:55 am

Farbar Service Scanner Version: 14-04-2013
Ran by LYNDA (administrator) on 28-04-2013 at 20:50:09
Running from "G:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2010-11-17 18:31] - [2013-04-25 08:13] - 0073016 ____A (AVG Technologies CZ, s.r.o.) BCAB8B6531B595A9030274E8B6EAE3D8

ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2010-11-17 18:31] - [2013-04-25 08:13] - 0073016 ____A (AVG Technologies CZ, s.r.o.) BCAB8B6531B595A9030274E8B6EAE3D8

ATTENTION!=====> C:\WINDOWS\system32\Drivers\ipsec.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Lynangeel
Intermediate

Posts : 91
Joined : 2009-05-07
OS : XP
Points : 28513
Likes : 0


Re: Not able to Access sites anymore and will not load

Post by Superdave on 29th April 2013, 1:25 am

Aha, two infected files. Now we need to find two clean ones.

Please download SystemLook from one of the links below and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.
Code:
:filefind
ipsec.sys
afd.sys

Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83191
Likes : 0


Re: Not able to Access sites anymore and will not load

Post by Lynangeel on 29th April 2013, 11:39 pm

Not able to run this system look. The only way I can download it is to a portable device. Can't do it by CD since the CD part doesn't work either. When I try it by the device it will not run. I keep getting an error that says "script required".


Re: Not able to Access sites anymore and will not load

Post by Superdave on 30th April 2013, 12:34 am

Lynangeel wrote: Not able to run this system look. The only way I can download it is to a portable device. Can't do it by CD since the CD part doesn't work either. When I try it by the device it will not run. I keep getting an error that says "script required".

You should be able to download to a USB memory stick, transfer it to your desktop and then try to run it. I need to see where I can find a copy of those files.


Re: Not able to Access sites anymore and will not load

Post by Lynangeel on 30th April 2013, 1:39 am

It downloads to the USB stick. I can put it on my desktop but when you click on look it says error "script required"


Re: Not able to Access sites anymore and will not load

Post by Superdave on 30th April 2013, 7:14 pm

Lynangeel wrote: It downloads to the USB stick. I can put it on my desktop but when you click on look it says error "script required"

And, what happens then? Does it close?


Re: Not able to Access sites anymore and will not load

Post by Lynangeel on 30th April 2013, 11:36 pm

Nothing. Every time the "script required" box comes up you can't do anything, and when you close it the program is still up, but then you click the Look button again and it starts all over. Maybe it isn't downloading properly due to the fact that this other computer I am typing on is messed up as well. The other scans downloaded OK, it seemed.


Re: Not able to Access sites anymore and will not load

Post by Superdave on 1st May 2013, 7:17 pm

Please download and run [You must be registered and logged in to see this link.] This will take about 20 minutes to run and will produce a log if your computer was infected. Please post the log. This scanner only has a shelf life of 10 days so you will need to download a new one if you want to run a scan after the trial period has expired.
***********************************************************
Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    FileLook::
    C:\WINDOWS\system32\Drivers\afd.sys
    C:\WINDOWS\system32\Drivers\ipsec.sys

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Re: Not able to Access sites anymore and will not load

Post by Lynangeel on 3rd May 2013, 4:00 pm

Was not able to run Microsoft scanner first. Was getting a javascript void error.
Ran combo fix first. Now able to run the other scan. Here are the results of the combo scan:
ComboFix 13-05-01.03 - Dell User 05/03/2013 11:27:25.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.445 [GMT -4:00]
Running from: c:\documents and settings\Dell User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dell User\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\5C321E34.TMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Dell User\Desktop\EZ-Tracks.com.lnk
c:\documents and settings\Dell User\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2013-04-03 to 2013-05-03 )))))))))))))))))))))))))))))))
.
.
2013-05-03 14:51 . 2013-05-03 14:51 -------- d-----w- c:\documents and settings\Dell User\Application Data\Registry Kit
2013-05-03 14:41 . 2013-05-03 14:56 -------- d-----w- c:\program files\Registry Kit
2013-05-01 00:05 . 2013-05-01 00:08 -------- dc-h--w- c:\windows\ie8
2013-04-30 00:24 . 2013-04-30 00:24 -------- d-----w- c:\windows\ERUNT
2013-04-30 00:23 . 2013-04-30 00:23 -------- d-----w- C:\JRT
2013-04-29 02:06 . 2013-05-03 15:40 -------- d-----w- c:\windows\system32\CatRoot2
2013-04-29 01:02 . 2013-04-29 01:02 -------- d-----w- c:\documents and settings\Dell User\Local Settings\Application Data\Sun
2013-04-28 23:19 . 2013-04-28 23:19 -------- d-----w- C:\RegBackup
2013-04-28 03:18 . 2013-04-29 02:05 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-28 03:15 . 2013-04-28 03:15 -------- d-----w- c:\program files\Tweaking.com
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-26 23:01 . 2008-11-22 14:26 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-26 23:01 . 2011-05-04 16:34 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-18 22:34 . 2012-04-07 22:44 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-18 22:34 . 2011-05-17 20:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2005-03-30 01:21 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2005-03-30 01:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 22:33 . 2012-01-19 00:31 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2010-10-25 02:44 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2010-10-25 02:44 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 22:33 . 2010-10-25 02:44 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2010-10-25 02:44 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2010-10-25 02:44 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2010-10-25 02:44 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-02 02:06 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 10:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2008-04-21 18:47 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 10:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.


Re: Not able to Access sites anymore and will not load

Post by Lynangeel on 3rd May 2013, 4:01 pm

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\Drivers\afd.sys ---
Company: Microsoft Corporation
File Description: Ancillary Function Driver for WinSock
File Version: 5.1.2600.6142 (xpsp_sp3_gdr.110817-1643)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: afd.sys
File size: 138496
Created time: 2004-08-04 10:00
Modified time: 2011-08-17 13:49
MD5: 1E44BC1E83D8FD2305F8D452DB109CF9
SHA1: 985C2F081D3CFD46692681EB7CF2A1A357EB9FB2
.
.
--- c:\windows\system32\Drivers\ipsec.sys ---
Company: Microsoft Corporation
File Description: IPSec Driver
File Version: 5.1.2600.5512 (xpsp.080413-0852)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: ipsec.sys
File size: 75264
Created time: 2004-08-04 10:00
Modified time: 2008-04-13 19:19
MD5: 23C74D75E36E7158768DD63D92789A91
SHA1: 5C6DBEC1D047A3252E8FDAD3A240DDA073ACEFEC
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"cdloader"="c:\documents and settings\Dell User\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"Online Backup Auto Update"="c:\program files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe" [2008-11-24 40960]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-03-06 4767304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\Dell User\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Documents and Settings\\Dell User\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [4/26/2013 5:12 PM 49248]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [8/29/2011 1:40 AM 13496]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/27/2012 1:57 PM 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/18/2012 8:31 PM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/24/2010 10:44 PM 368176]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [8/6/2009 11:14 PM 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [8/6/2009 11:12 PM 1195008]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [4/2/2013 11:14 PM 464256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/24/2010 10:44 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/26/2013 9:48 AM 66336]
R2 FilesystemWatcher;Filesystem Watcher;c:\program files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [9/2/2008 12:02 PM 24576]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [8/29/2011 1:39 AM 820568]
R2 OnlineBackupCommFrameworkService;Online Backup Communication Server;c:\program files\Verizon\Online Backup & Sharing\Communication\OnlineBackup.CommunicationFrameworkService.exe [11/24/2008 4:53 PM 20480]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [12/22/2011 4:34 PM 689464]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
R2 VaultProxy;DigiData Vault Proxy Service;c:\program files\Verizon\Online Backup & Sharing\DigiData.Vault.VaultExplorer.Service.exe [11/21/2008 1:07 PM 16384]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [8/6/2009 11:12 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [8/6/2009 11:14 PM 257432]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [1/23/2009 11:14 PM 402944]
S0 Lbd;Lbd; [x]
S2 OnlineBackupSchedulerService;Online Backup Scheduler; [x]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [4/26/2013 5:12 PM 164736]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/27/2013 9:25 PM 35144]
S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [4/27/2013 11:18 PM 181064]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [8/29/2011 1:39 AM 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [8/29/2011 1:39 AM 16080]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [8/29/2011 1:39 AM 239600]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 22:34]
.
2013-05-03 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-04-03 00:33]
.
2013-05-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-06-30 22:32]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 21:12]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 21:12]
.
2013-05-03 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-08-29 00:19]
.
2013-05-03 c:\windows\Tasks\User_Feed_Synchronization-{36DA956C-FD18-42D8-89F3-9B2AE761A6E3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.


Re: Not able to Access sites anymore and will not load

Post by Lynangeel on 3rd May 2013, 4:02 pm

------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel
Trusted Zone: microsoft.com\office
TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2013-05-03 11:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\NavLogon.dll
.
- - - - - - - > 'explorer.exe'(3056)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Verizon\Online Backup & Sharing\DigiData.Vault.VaultExplorer.dll
c:\program files\Verizon\Online Backup & Sharing\LogicNP.EZNamespaceExtensions.dll
c:\windows\assembly\GAC_MSIL\DigiData.Vault.Proxy\1.4.0.0__9020972b7d9d3317\DigiData.Vault.Proxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-05-03 11:49:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-03 15:49
ComboFix2.txt 2010-07-05 21:16
.
Pre-Run: 463,269,400,576 bytes free
Post-Run: 463,380,836,352 bytes free
.
- - End Of File - - 5FB6409F193D68579912864069489E98


Re: Not able to Access sites anymore and will not load

Post by Superdave on 3rd May 2013, 7:28 pm

Download [You must be registered and logged in to see this link.]

  • Unzip the file and save it to your desktop.
  • Double-click on FileFind.exe
  • In the box labeled "Enter the directory to search" type C:\ (note: if your default Windows boot drive is not drive C, substitute your drive letter).
  • In the box labeled "Enter the file to search" type C:\WINDOWS\system32\Drivers\afd.sys
  • Click on the Find button.
  • Once the utility has found the files click on Export. This will save a text file to your C:\ drive (or your default Windows drive) as Export.txt.

Add the C:\Export.txt log to your next message.
***********************************************
Also please do a search for this file: C:\WINDOWS\system32\Drivers\ipsec.sys


Re: Not able to Access sites anymore and will not load

Post by Lynangeel on 7th May 2013, 2:06 pm

Nothing to export; it says that 0 files were found in 7364 directories.


Re: Not able to Access sites anymore and will not load

Post by Superdave on 7th May 2013, 6:40 pm

Please try to run SystemLook on page 2 again. If that doesn't work, please try this scanner below.

Save these instructions so you can have access to them while in Safe Mode.

Please click [You must be registered and logged in to see this link.] to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable ones that you may have)
  • Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus\malware in the report. It will be at the very top under Detected; post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.


Re: Not able to Access sites anymore and will not load

Post by Lynangeel on 10th May 2013, 2:59 am

The computer with the two infected files I am not able to get online. This virus remover that you suggested I run I am not able to download. I tried downloading it to a memory stick but the one I have doesn't have enough space I guess. There is nothing on it but keeps saying too full.


Re: Not able to Access sites anymore and will not load

Post by Superdave on 10th May 2013, 6:32 pm

"I tried downloading it to a memory stick but the one I have doesn't have enough space I guess. There is nothing on it but keeps saying too full."

You could use a CD-RW which is re-writable.

Please run the Farbar Service Scanner found on page 2 and post the log again.


Re: Not able to Access sites anymore and will not load

Post by Lynangeel on 18th May 2013, 12:44 am

Farbar Service Scanner Version: 14-04-2013
Ran by LYNDA (administrator) on 17-05-2013 at 20:40:13
Running from "G:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Re: Not able to Access sites anymore and will not load

Post by Superdave on 18th May 2013, 12:56 am

Please download [You must be registered and logged in to see this link.] to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.


Re: Not able to Access sites anymore and will not load

Post by Lynangeel on 28th May 2013, 2:41 pm

MiniToolBox by Farbar Version:21-04-2013
Ran by LYNDA (administrator) on 28-05-2013 at 10:37:23
Running from "G:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Unable to contact IP driver, error code 2,


========================= Event log errors: ===============================

Application errors:
==================
Error: (05/28/2013 10:20:45 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/28/2013 10:20:45 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/23/2013 06:48:39 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/23/2013 06:48:39 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/17/2013 08:37:51 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/17/2013 08:37:51 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/09/2013 06:49:13 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/09/2013 06:49:13 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/07/2013 09:05:13 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/04/2013 00:46:35 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory


System errors:
=============
Error: (05/28/2013 10:37:31 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:31 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (05/28/2013 10:37:31 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:31 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (05/28/2013 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (05/28/2013 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (05/28/2013 10:37:29 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:29 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (05/28/2013 10:20:45 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/28/2013 10:20:45 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/23/2013 06:48:39 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/23/2013 06:48:39 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/17/2013 08:37:51 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/17/2013 08:37:51 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/09/2013 06:49:13 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/09/2013 06:49:13 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/07/2013 09:05:13 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/04/2013 00:46:35 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 1014.07 MB
Available physical RAM: 542.33 MB
Total Pagefile: 2442.29 MB
Available Pagefile: 1865.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.91 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.24 GB) (Free:21.53 GB) NTFS
4 Drive f: (PHONE) (Removable) (Total:0.02 GB) (Free:0.02 GB) FAT
5 Drive g: (USB DISK) (Removable) (Total:0.48 GB) (Free:0.05 GB) FAT

========================= Users: ========================================

User accounts for \\GENERAL1

Administrator Guest HelpAssistant
LYNDA SUPPORT_388945a0


**** End of log ****


Re: Not able to Access sites anymore and will not load

Post by Superdave on 28th May 2013, 7:30 pm

I realize that we've already tried this but please try it again. We need to find a clean file to replace the one that is infected.

Please download SystemLook from one of the links below and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.
Code:
:filefind
afd.sys

Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
