What I don't understand is why FSS says that the computer is blocked. I've always connected before running FSS so it's not like I wasn't connected. It's like there is some hidden firewall blocking me, but I removed all the security software before running ComboFix.
No Internet after Zeroaccess Removal [Solved]
Started by
winvista
, May 25 2012 12:58 PM
#31
Posted 02 June 2012 - 09:57 AM
What I don't understand is why FSS says that the computer is blocked. I've always connected before running FSS so it's not like I wasn't connected. It's like there is some hidden firewall blocking me, but I removed all the security software before running ComboFix.
#32
Posted 02 June 2012 - 09:02 PM
I have done some more investigating. The problem is that it connects to the internet just fine, but Windows doesn't seem to know that it is connected. When I ask it to diagnose and repair (right click the connection indicator in the lower right-hand corner), it comes back and tells me to plug in a LAN cable. This says to me that it is looking to the LAN adaptor for the internet even though I have set the dial-up connection as the default connection. Also, if I disable the adaptor, the diagnose and repair comes back to tell me to enable the adaptor. It should not be looking for the internet from that adaptor.
One other thing that I have noticed is that when I connect to the internet (via my dial-up modem), the little green globe on the connection indicator is not there. If I do an nslookup the little globe appears but ping and browsers still don't work.
One other thing that I have noticed is that when I connect to the internet (via my dial-up modem), the little green globe on the connection indicator is not there. If I do an nslookup the little globe appears but ping and browsers still don't work.
#33
Posted 03 June 2012 - 02:20 AM
OK, I'll take another look through the logs and get back ASAP
#34
Posted 03 June 2012 - 04:53 AM
Firstly...
When it finishes there should be a file, sfcdetails.txt, on your desktop. Please attach the file to your next reply.
Next...
Run OTL again and press the Quick Scan button. Please copy the log it produces and past to your reply.
- Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
- Type the following command, and then press ENTER:
sfc /scannow
When it finishes there should be a file, sfcdetails.txt, on your desktop. Please attach the file to your next reply.
Next...
Run OTL again and press the Quick Scan button. Please copy the log it produces and past to your reply.
#35
Posted 03 June 2012 - 10:25 AM
Sorry, missed a stage out. The file sfcdetails.txt, won't be on your desktop until you do the following:
- Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
- Type the following command, and then press ENTER:
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt
#36
Posted 03 June 2012 - 01:54 PM
The sfcdetails.txt file is attached. I've ran sfc before so it contains information from past scans as well. Here is the results of the latest OTL scan:
OTL logfile created on: 6/3/2012 3:18:08 PM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.75 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 68.10% Memory free
5.73 Gb Paging File | 4.93 Gb Available in Paging File | 86.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 45.50 Gb Free Space | 30.83% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 1.90 Gb Free Space | 53.89% Space Free | Partition Type: FAT32
Computer Name: RNT-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Windows\System32\drivers\ACFXAU32.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
MOD - C:\Program Files\Hp\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\Hp\Digital Imaging\bin\crm\xmlparse.dll ()
========== Win32 Services (SafeList) ==========
SRV - (WPFFontCache_v0400) -- File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe File not found
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (XAudioService) -- C:\Windows\System32\drivers\ACFXAU32.exe (Conexant Systems, Inc.)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (pinger) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ezGOSvc) -- C:\Windows\System32\ezGOSvc.dll ()
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MpKsle679543d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B5D8087-BA63-4A2F-A7CC-0C8FF7404B6E}\MpKsle679543d.sys File not found
DRV - (MFE_RR) -- C:\Users\jeo\AppData\Local\Temp\mfe_rr.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (KLIF) -- system32\DRIVERS\klif.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IO_Memory) -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys File not found
DRV - (catchme) -- C:\Users\admin\AppData\Local\Temp\catchme.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (NWUSBCDFIL) -- C:\Windows\System32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\Windows\System32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (dgcfltr) -- C:\Windows\System32\drivers\ACFDCP32.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\ACFXAU32.sys (Conexant Systems, Inc.)
DRV - (acfva) -- C:\Windows\System32\drivers\ACFVA32.sys (Conexant Systems Inc.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\ACFSDK32.sys (Conexant)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (CA561) -- C:\Windows\System32\drivers\spca561.sys (SP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {5413DC04-8E8C-4D0A-B988-D5786D662FD9}
IE - HKLM\..\SearchScopes\{5413DC04-8E8C-4D0A-B988-D5786D662FD9}: "URL" = http://www.google.co...ge={startPage};
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2117678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\..\SearchScopes,DefaultScope = {5413DC04-8E8C-4D0A-B988-D5786D662FD9}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{93462E4E-B91F-4B9A-8184-4E527B169A32}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/15 20:57:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/15 19:06:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 20:58:28 | 000,000,000 | ---D | M]
[2012/01/15 02:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/17 11:18:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/15 21:59:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/11 15:16:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/14 01:06:53 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/08/02 09:27:02 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
O1 HOSTS File: ([2012/05/28 15:06:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/03 15:01:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/05/30 22:31:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/30 22:28:00 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2012/05/30 22:27:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/30 22:14:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/30 21:31:08 | 000,100,864 | ---- | C] (Demonworks) -- C:\Users\admin\Desktop\gRaSP.exe
[2012/05/30 21:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/05/30 21:27:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/05/28 18:03:31 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe
[2012/05/28 14:55:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/28 14:55:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/28 14:55:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/28 14:55:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/28 14:40:30 | 004,530,271 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012/05/27 11:42:19 | 000,475,712 | ---- | C] (McAfee, Inc.) -- C:\rootkitremover.exe
[2012/05/27 11:21:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/26 12:29:41 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\OTL
[2012/05/25 23:39:40 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\WindowsForUs
[2012/05/25 23:36:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinBubble
[2012/05/25 23:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinBubble
[2012/05/25 00:31:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/24 22:11:54 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\log
[2012/05/24 22:11:48 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\TMRBLog
[2012/05/24 21:38:10 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\backups
[2012/05/24 21:31:41 | 008,656,400 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\RootkitBuster_v5_1061.exe
[2012/05/24 21:31:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
[2012/05/24 15:23:41 | 000,000,000 | ---D | C] -- C:\Users\admin\Pavark
[2012/05/24 11:30:09 | 000,475,712 | ---- | C] (McAfee, Inc.) -- C:\Users\admin\Desktop\rootkitremover.exe
[2012/05/24 02:45:57 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Microsoft Games
[2012/05/23 01:14:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Opera
[2012/05/23 01:14:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Opera
[2012/05/22 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\vlc
[2012/05/22 23:31:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2012/05/22 23:21:13 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012/05/22 23:01:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\admin\Desktop\aswMBR.exe
[2012/05/22 23:00:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\IObit
[2012/05/22 00:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/20 22:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/20 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\DLLSuite
[2012/05/18 23:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/18 23:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/18 17:50:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AbiSuite
[2012/05/15 15:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LocalNet
[2012/05/15 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FTL Shared
[2012/05/14 23:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Qualcomm
[2012/05/14 23:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2012/05/14 00:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/05/14 00:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/05/14 00:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/05/13 17:14:50 | 000,000,000 | ---D | C] -- C:\Windows\TempFA2B2319-FCE2-5246-1C6F-52F8D52354BF-Signatures
[2012/05/13 15:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\LocalNet
[2012/05/13 00:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/05/12 23:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/05/12 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\cfos6link
========== Files - Modified Within 30 Days ==========
[2012/06/03 15:03:07 | 000,612,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/03 15:03:07 | 000,106,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/03 15:03:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/03 14:41:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/03 14:41:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 14:41:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/02 22:41:06 | 2950,524,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 23:31:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ipconfig
[2012/05/30 22:31:52 | 000,483,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/30 20:47:08 | 000,379,392 | ---- | M] () -- C:\Users\admin\Desktop\subinacl.msi
[2012/05/30 14:17:44 | 000,100,864 | ---- | M] (Demonworks) -- C:\Users\admin\Desktop\gRaSP.exe
[2012/05/28 15:06:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/28 14:18:51 | 001,310,720 | ---- | M] () -- C:\Users\admin\NTUSER.bak
[2012/05/28 11:55:04 | 004,530,271 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012/05/27 14:16:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\admin\Desktop\aswMBR.exe
[2012/05/26 23:08:18 | 000,302,592 | ---- | M] () -- C:\Users\admin\Desktop\1vg7ccn1.exe
[2012/05/26 20:44:14 | 000,650,240 | ---- | M] () -- C:\Users\admin\Desktop\MicrosoftFixit50203.msi
[2012/05/26 00:36:20 | 000,044,786 | ---- | M] () -- C:\nettcpip.inf
[2012/05/25 23:36:55 | 000,001,595 | ---- | M] () -- C:\Users\admin\Desktop\WinBubbles.lnk
[2012/05/25 21:37:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/05/25 18:03:30 | 000,650,240 | ---- | M] () -- C:\MicrosoftFixit50203.msi
[2012/05/25 15:32:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/24 20:53:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
[2012/05/24 20:49:12 | 008,656,400 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\RootkitBuster_v5_1061.exe
[2012/05/24 16:56:32 | 000,001,042 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/05/24 15:19:26 | 001,020,640 | ---- | M] () -- C:\Users\admin\Desktop\antirootkit.exe
[2012/05/24 00:35:54 | 000,302,592 | ---- | M] () -- C:\Users\admin\Desktop\8n2b1bum.exe
[2012/05/23 23:58:06 | 000,003,070 | ---- | M] () -- C:\Users\admin\Desktop\Attach.zip
[2012/05/22 23:01:33 | 000,000,680 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2012/05/22 21:26:00 | 000,475,712 | ---- | M] (McAfee, Inc.) -- C:\Users\admin\Desktop\rootkitremover.exe
[2012/05/22 21:26:00 | 000,475,712 | ---- | M] (McAfee, Inc.) -- C:\rootkitremover.exe
[2012/05/22 00:02:48 | 000,337,639 | ---- | M] () -- C:\Users\admin\Desktop\FSS.exe
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe
[2012/05/19 14:35:01 | 000,000,614 | ---- | M] () -- C:\Windows\nsreg.dat
[2012/05/18 17:48:13 | 000,000,954 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/18 16:49:15 | 000,148,920 | ---- | M] () -- C:\Windows\hpoins19.dat
[2012/05/18 00:41:24 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2012/05/14 23:54:22 | 000,000,335 | ---- | M] () -- C:\Windows\mozregistry.dat
[2012/05/14 00:51:51 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/05/14 00:51:51 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
========== Files Created - No Company Name ==========
[2012/06/01 23:31:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ipconfig
[2012/05/30 20:58:59 | 000,379,392 | ---- | C] () -- C:\Users\admin\Desktop\subinacl.msi
[2012/05/29 12:34:11 | 000,337,639 | ---- | C] () -- C:\Users\admin\Desktop\FSS.exe
[2012/05/28 14:55:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/28 14:55:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/28 14:55:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/28 14:55:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/28 14:55:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/26 00:37:45 | 000,044,786 | ---- | C] () -- C:\nettcpip.inf
[2012/05/25 23:36:55 | 000,001,595 | ---- | C] () -- C:\Users\admin\Desktop\WinBubbles.lnk
[2012/05/25 21:16:33 | 000,650,240 | ---- | C] () -- C:\MicrosoftFixit50203.msi
[2012/05/24 22:09:19 | 2950,524,928 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/24 16:56:32 | 000,001,042 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/05/24 15:23:04 | 001,020,640 | ---- | C] () -- C:\Users\admin\Desktop\antirootkit.exe
[2012/05/24 00:48:45 | 000,302,592 | ---- | C] () -- C:\Users\admin\Desktop\8n2b1bum.exe
[2012/05/23 23:53:52 | 000,003,070 | ---- | C] () -- C:\Users\admin\Desktop\Attach.zip
[2012/05/23 23:37:49 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2012/05/22 23:01:33 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2012/05/22 17:45:19 | 000,001,699 | ---- | C] () -- C:\Windows\Notepad.lnk
[2012/05/18 16:44:48 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/05/14 23:54:22 | 000,000,335 | ---- | C] () -- C:\Windows\mozregistry.dat
[2012/05/14 00:51:51 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/05/14 00:51:51 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/05/13 17:18:13 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/15 15:46:06 | 000,483,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/31 16:57:55 | 000,012,908 | -HS- | C] () -- C:\ProgramData\ara327au0mpx25ws6q613p7wrvbho2wq2awry
[2011/11/21 14:52:35 | 000,118,784 | ---- | C] () -- C:\Windows\ShowBmp.exe
[2011/11/21 14:52:35 | 000,014,385 | ---- | C] () -- C:\Windows\Tw561a.ini
[2011/11/21 14:52:35 | 000,000,081 | ---- | C] () -- C:\Windows\Setup8a.ini
[2011/11/15 21:58:49 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat3
[2011/11/15 21:58:49 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat3
[2011/11/04 22:57:39 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/11/04 22:57:39 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/11/04 22:57:39 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/11/04 22:57:39 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/11/04 22:57:39 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/06/03 13:10:57 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
[2011/05/28 16:04:33 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/05/28 16:04:32 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/05/28 16:04:02 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/05/04 22:08:31 | 000,000,020 | ---- | C] () -- C:\Windows\cmm.dat
[2011/05/04 22:07:57 | 000,000,186 | ---- | C] () -- C:\Windows\System32\CleanMem.ini
[2010/07/03 18:07:57 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
========== LOP Check ==========
[2012/05/22 23:00:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IObit
[2012/05/23 01:14:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Opera
[2011/11/18 17:59:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Yandex
[2012/06/02 22:40:12 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2D6E5D55
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E7833B2E
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:1EE5EBCB
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
OTL logfile created on: 6/3/2012 3:18:08 PM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.75 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 68.10% Memory free
5.73 Gb Paging File | 4.93 Gb Available in Paging File | 86.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 45.50 Gb Free Space | 30.83% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 1.90 Gb Free Space | 53.89% Space Free | Partition Type: FAT32
Computer Name: RNT-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Windows\System32\drivers\ACFXAU32.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
MOD - C:\Program Files\Hp\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\Hp\Digital Imaging\bin\crm\xmlparse.dll ()
========== Win32 Services (SafeList) ==========
SRV - (WPFFontCache_v0400) -- File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe File not found
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (XAudioService) -- C:\Windows\System32\drivers\ACFXAU32.exe (Conexant Systems, Inc.)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (pinger) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ezGOSvc) -- C:\Windows\System32\ezGOSvc.dll ()
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MpKsle679543d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B5D8087-BA63-4A2F-A7CC-0C8FF7404B6E}\MpKsle679543d.sys File not found
DRV - (MFE_RR) -- C:\Users\jeo\AppData\Local\Temp\mfe_rr.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (KLIF) -- system32\DRIVERS\klif.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IO_Memory) -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys File not found
DRV - (catchme) -- C:\Users\admin\AppData\Local\Temp\catchme.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (NWUSBCDFIL) -- C:\Windows\System32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\Windows\System32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (dgcfltr) -- C:\Windows\System32\drivers\ACFDCP32.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\ACFXAU32.sys (Conexant Systems, Inc.)
DRV - (acfva) -- C:\Windows\System32\drivers\ACFVA32.sys (Conexant Systems Inc.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\ACFSDK32.sys (Conexant)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (CA561) -- C:\Windows\System32\drivers\spca561.sys (SP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {5413DC04-8E8C-4D0A-B988-D5786D662FD9}
IE - HKLM\..\SearchScopes\{5413DC04-8E8C-4D0A-B988-D5786D662FD9}: "URL" = http://www.google.co...ge={startPage};
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2117678
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\..\SearchScopes,DefaultScope = {5413DC04-8E8C-4D0A-B988-D5786D662FD9}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{93462E4E-B91F-4B9A-8184-4E527B169A32}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/15 20:57:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/15 19:06:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 20:58:28 | 000,000,000 | ---D | M]
[2012/01/15 02:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/17 11:18:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/15 21:59:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/11 15:16:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/14 01:06:53 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/08/02 09:27:02 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
O1 HOSTS File: ([2012/05/28 15:06:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/03 15:01:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/05/30 22:31:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/30 22:28:00 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2012/05/30 22:27:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/30 22:14:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/30 21:31:08 | 000,100,864 | ---- | C] (Demonworks) -- C:\Users\admin\Desktop\gRaSP.exe
[2012/05/30 21:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/05/30 21:27:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/05/28 18:03:31 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe
[2012/05/28 14:55:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/28 14:55:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/28 14:55:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/28 14:55:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/28 14:40:30 | 004,530,271 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012/05/27 11:42:19 | 000,475,712 | ---- | C] (McAfee, Inc.) -- C:\rootkitremover.exe
[2012/05/27 11:21:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/26 12:29:41 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\OTL
[2012/05/25 23:39:40 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\WindowsForUs
[2012/05/25 23:36:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinBubble
[2012/05/25 23:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinBubble
[2012/05/25 00:31:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/24 22:11:54 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\log
[2012/05/24 22:11:48 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\TMRBLog
[2012/05/24 21:38:10 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\backups
[2012/05/24 21:31:41 | 008,656,400 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\RootkitBuster_v5_1061.exe
[2012/05/24 21:31:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
[2012/05/24 15:23:41 | 000,000,000 | ---D | C] -- C:\Users\admin\Pavark
[2012/05/24 11:30:09 | 000,475,712 | ---- | C] (McAfee, Inc.) -- C:\Users\admin\Desktop\rootkitremover.exe
[2012/05/24 02:45:57 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Microsoft Games
[2012/05/23 01:14:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Opera
[2012/05/23 01:14:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Opera
[2012/05/22 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\vlc
[2012/05/22 23:31:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2012/05/22 23:21:13 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012/05/22 23:01:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\admin\Desktop\aswMBR.exe
[2012/05/22 23:00:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\IObit
[2012/05/22 00:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/20 22:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/20 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\DLLSuite
[2012/05/18 23:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/18 23:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/18 17:50:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AbiSuite
[2012/05/15 15:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LocalNet
[2012/05/15 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FTL Shared
[2012/05/14 23:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Qualcomm
[2012/05/14 23:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2012/05/14 00:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/05/14 00:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/05/14 00:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/05/13 17:14:50 | 000,000,000 | ---D | C] -- C:\Windows\TempFA2B2319-FCE2-5246-1C6F-52F8D52354BF-Signatures
[2012/05/13 15:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\LocalNet
[2012/05/13 00:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/05/12 23:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/05/12 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\cfos6link
========== Files - Modified Within 30 Days ==========
[2012/06/03 15:03:07 | 000,612,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/03 15:03:07 | 000,106,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/03 15:03:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/03 14:41:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/03 14:41:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 14:41:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/02 22:41:06 | 2950,524,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 23:31:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ipconfig
[2012/05/30 22:31:52 | 000,483,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/30 20:47:08 | 000,379,392 | ---- | M] () -- C:\Users\admin\Desktop\subinacl.msi
[2012/05/30 14:17:44 | 000,100,864 | ---- | M] (Demonworks) -- C:\Users\admin\Desktop\gRaSP.exe
[2012/05/28 15:06:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/28 14:18:51 | 001,310,720 | ---- | M] () -- C:\Users\admin\NTUSER.bak
[2012/05/28 11:55:04 | 004,530,271 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012/05/27 14:16:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\admin\Desktop\aswMBR.exe
[2012/05/26 23:08:18 | 000,302,592 | ---- | M] () -- C:\Users\admin\Desktop\1vg7ccn1.exe
[2012/05/26 20:44:14 | 000,650,240 | ---- | M] () -- C:\Users\admin\Desktop\MicrosoftFixit50203.msi
[2012/05/26 00:36:20 | 000,044,786 | ---- | M] () -- C:\nettcpip.inf
[2012/05/25 23:36:55 | 000,001,595 | ---- | M] () -- C:\Users\admin\Desktop\WinBubbles.lnk
[2012/05/25 21:37:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/05/25 18:03:30 | 000,650,240 | ---- | M] () -- C:\MicrosoftFixit50203.msi
[2012/05/25 15:32:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/24 20:53:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
[2012/05/24 20:49:12 | 008,656,400 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\RootkitBuster_v5_1061.exe
[2012/05/24 16:56:32 | 000,001,042 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/05/24 15:19:26 | 001,020,640 | ---- | M] () -- C:\Users\admin\Desktop\antirootkit.exe
[2012/05/24 00:35:54 | 000,302,592 | ---- | M] () -- C:\Users\admin\Desktop\8n2b1bum.exe
[2012/05/23 23:58:06 | 000,003,070 | ---- | M] () -- C:\Users\admin\Desktop\Attach.zip
[2012/05/22 23:01:33 | 000,000,680 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2012/05/22 21:26:00 | 000,475,712 | ---- | M] (McAfee, Inc.) -- C:\Users\admin\Desktop\rootkitremover.exe
[2012/05/22 21:26:00 | 000,475,712 | ---- | M] (McAfee, Inc.) -- C:\rootkitremover.exe
[2012/05/22 00:02:48 | 000,337,639 | ---- | M] () -- C:\Users\admin\Desktop\FSS.exe
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe
[2012/05/19 14:35:01 | 000,000,614 | ---- | M] () -- C:\Windows\nsreg.dat
[2012/05/18 17:48:13 | 000,000,954 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/18 16:49:15 | 000,148,920 | ---- | M] () -- C:\Windows\hpoins19.dat
[2012/05/18 00:41:24 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2012/05/14 23:54:22 | 000,000,335 | ---- | M] () -- C:\Windows\mozregistry.dat
[2012/05/14 00:51:51 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/05/14 00:51:51 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
========== Files Created - No Company Name ==========
[2012/06/01 23:31:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ipconfig
[2012/05/30 20:58:59 | 000,379,392 | ---- | C] () -- C:\Users\admin\Desktop\subinacl.msi
[2012/05/29 12:34:11 | 000,337,639 | ---- | C] () -- C:\Users\admin\Desktop\FSS.exe
[2012/05/28 14:55:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/28 14:55:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/28 14:55:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/28 14:55:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/28 14:55:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/26 00:37:45 | 000,044,786 | ---- | C] () -- C:\nettcpip.inf
[2012/05/25 23:36:55 | 000,001,595 | ---- | C] () -- C:\Users\admin\Desktop\WinBubbles.lnk
[2012/05/25 21:16:33 | 000,650,240 | ---- | C] () -- C:\MicrosoftFixit50203.msi
[2012/05/24 22:09:19 | 2950,524,928 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/24 16:56:32 | 000,001,042 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/05/24 15:23:04 | 001,020,640 | ---- | C] () -- C:\Users\admin\Desktop\antirootkit.exe
[2012/05/24 00:48:45 | 000,302,592 | ---- | C] () -- C:\Users\admin\Desktop\8n2b1bum.exe
[2012/05/23 23:53:52 | 000,003,070 | ---- | C] () -- C:\Users\admin\Desktop\Attach.zip
[2012/05/23 23:37:49 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2012/05/22 23:01:33 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2012/05/22 17:45:19 | 000,001,699 | ---- | C] () -- C:\Windows\Notepad.lnk
[2012/05/18 16:44:48 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/05/14 23:54:22 | 000,000,335 | ---- | C] () -- C:\Windows\mozregistry.dat
[2012/05/14 00:51:51 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/05/14 00:51:51 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/05/13 17:18:13 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/15 15:46:06 | 000,483,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/31 16:57:55 | 000,012,908 | -HS- | C] () -- C:\ProgramData\ara327au0mpx25ws6q613p7wrvbho2wq2awry
[2011/11/21 14:52:35 | 000,118,784 | ---- | C] () -- C:\Windows\ShowBmp.exe
[2011/11/21 14:52:35 | 000,014,385 | ---- | C] () -- C:\Windows\Tw561a.ini
[2011/11/21 14:52:35 | 000,000,081 | ---- | C] () -- C:\Windows\Setup8a.ini
[2011/11/15 21:58:49 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat3
[2011/11/15 21:58:49 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat3
[2011/11/04 22:57:39 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/11/04 22:57:39 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/11/04 22:57:39 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/11/04 22:57:39 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/11/04 22:57:39 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/06/03 13:10:57 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
[2011/05/28 16:04:33 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/05/28 16:04:32 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/05/28 16:04:02 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/05/04 22:08:31 | 000,000,020 | ---- | C] () -- C:\Windows\cmm.dat
[2011/05/04 22:07:57 | 000,000,186 | ---- | C] () -- C:\Windows\System32\CleanMem.ini
[2010/07/03 18:07:57 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
========== LOP Check ==========
[2012/05/22 23:00:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IObit
[2012/05/23 01:14:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Opera
[2011/11/18 17:59:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Yandex
[2012/06/02 22:40:12 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2D6E5D55
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E7833B2E
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:1EE5EBCB
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
Attached Files
#37
Posted 03 June 2012 - 11:05 PM
I am attaching the results of a diagnostic scan that I did with the IOBit software. The main reason I'm doing this is because it shows the errors in the log file for Windows. I didn't make any changes when I ran this diagnostic scan.
Attached Files
#38
Posted 04 June 2012 - 02:17 AM
Next...
Step 1
Step 2
Please copy the contents of winvista.txt, which will be on your desktop, and paste in your next reply
Step 3
We'll turn on PPP logging:
Open an elevated Command Prompt, as you did previously, then type the next three lines with an Enter after each line:
Now try connecting again please.
There should be a log file at C:\Windows\tracing\PPP.log. Please attach to your reply
Finally turn off PPP logging by typing
Step 1
- Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
- Type the following command, and then press ENTER:
ipconfig /all >%userprofile%\desktop\winvista.txt
Step 2
- Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
- Type the following command, and then press ENTER:
net start >>%userprofile%\desktop\winvista.txt
Please copy the contents of winvista.txt, which will be on your desktop, and paste in your next reply
Step 3
We'll turn on PPP logging:
Open an elevated Command Prompt, as you did previously, then type the next three lines with an Enter after each line:
netsh ras netsh ras set tr * en
Now try connecting again please.
There should be a log file at C:\Windows\tracing\PPP.log. Please attach to your reply
Finally turn off PPP logging by typing
netsh ras set tr * diAgain from an elevated prompt
#39
Posted 04 June 2012 - 08:39 AM
Windows IP Configuration
Host Name . . . . . . . . . . . . : rnt-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
PPP adapter Localnet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Localnet
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 4.225.92.240(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-0F-E6-60
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-45-8D-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4e1:5cf0::4e1:5cf0(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B0F31E43-512B-499E-AAA1-E7828F7C5D43}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 17:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2863352B-78F6-4CA1-A9AD-693AF7C96463}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
These Windows services are started:
Advanced SystemCare Service 5
Apple Mobile Device
Application Experience
Application Information
Application Layer Gateway Service
Ati External Event Utility
Background Intelligent Transfer Service
Base Filtering Engine
Bonjour Service
CNG Key Isolation
COM+ Event System
ConfigFree Service
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic System Host
Distributed Link Tracking Client
DNS Client
Easybits GO Services for Windows
Extensible Authentication Protocol
Function Discovery Resource Publication
Group Policy Client
HP CUE DeviceDiscovery Service
hpqcxs08
Human Interface Device Access
IP Helper
IPsec Policy Agent
KtmRm for Distributed Transaction Coordinator
Multimedia Class Scheduler
Net Driver HPZ12
Net.Tcp Port Sharing Service
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Plug and Play
Pml Driver HPZ12
Portable Device Enumerator Service
Program Compatibility Assistant Service
ReadyBoost
Remote Access Connection Manager
Remote Procedure Call (RPC)
Secondary Logon
Secure Socket Tunneling Protocol Service
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Software Licensing
SSDP Discovery
Superfetch
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
TOSHIBA Navi Support Service
TOSHIBA Power Saver
TOSHIBA SMART Log Service
UPnP Device Host
User Profile Service
Windows Audio
Windows Audio Endpoint Builder
Windows Driver Foundation - User-mode Driver Framework
Windows Error Reporting Service
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Mobile-2003-based device connectivity
Windows Mobile-based device connectivity
Windows Presentation Foundation Font Cache 3.0.0.0
Windows Search
Windows Time
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
WLAN AutoConfig
Workstation
XAudioService
The command completed successfully.
Host Name . . . . . . . . . . . . : rnt-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
PPP adapter Localnet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Localnet
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 4.225.92.240(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-0F-E6-60
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-45-8D-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4e1:5cf0::4e1:5cf0(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B0F31E43-512B-499E-AAA1-E7828F7C5D43}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 17:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2863352B-78F6-4CA1-A9AD-693AF7C96463}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
These Windows services are started:
Advanced SystemCare Service 5
Apple Mobile Device
Application Experience
Application Information
Application Layer Gateway Service
Ati External Event Utility
Background Intelligent Transfer Service
Base Filtering Engine
Bonjour Service
CNG Key Isolation
COM+ Event System
ConfigFree Service
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic System Host
Distributed Link Tracking Client
DNS Client
Easybits GO Services for Windows
Extensible Authentication Protocol
Function Discovery Resource Publication
Group Policy Client
HP CUE DeviceDiscovery Service
hpqcxs08
Human Interface Device Access
IP Helper
IPsec Policy Agent
KtmRm for Distributed Transaction Coordinator
Multimedia Class Scheduler
Net Driver HPZ12
Net.Tcp Port Sharing Service
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Plug and Play
Pml Driver HPZ12
Portable Device Enumerator Service
Program Compatibility Assistant Service
ReadyBoost
Remote Access Connection Manager
Remote Procedure Call (RPC)
Secondary Logon
Secure Socket Tunneling Protocol Service
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Software Licensing
SSDP Discovery
Superfetch
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
TOSHIBA Navi Support Service
TOSHIBA Power Saver
TOSHIBA SMART Log Service
UPnP Device Host
User Profile Service
Windows Audio
Windows Audio Endpoint Builder
Windows Driver Foundation - User-mode Driver Framework
Windows Error Reporting Service
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Mobile-2003-based device connectivity
Windows Mobile-based device connectivity
Windows Presentation Foundation Font Cache 3.0.0.0
Windows Search
Windows Time
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
WLAN AutoConfig
Workstation
XAudioService
The command completed successfully.
Attached Files
#40
Posted 04 June 2012 - 11:42 AM
Thanks for that.
Can you look in C:\Windows\Tracing\ and see if there are any other log files, particularly rras.log and/or rrasapi.log. If so, could you attach them please
Next...
Run an elevated command prompt, as we did previously
Type each of these lines in the command window and press enter after each. Wait for each one to finish before starting the next.
Can you look in C:\Windows\Tracing\ and see if there are any other log files, particularly rras.log and/or rrasapi.log. If so, could you attach them please
Next...
Run an elevated command prompt, as we did previously
Type each of these lines in the command window and press enter after each. Wait for each one to finish before starting the next.
Attach junk.txt from your desktop in you next reply pleaseping 4.225.92.240 >>%userprofile%\desktop\junk.txt
tracert -d 64.136.173.4 >>%userprofile%\desktop\junk.txt
tracert -d 8.8.8.8 >>%userprofile%\desktop\junk.txt
nslookup att.com >>%userprofile%\desktop\junk.txt
#41
Posted 04 June 2012 - 02:46 PM
Here are the files. I zipped all the non-empty files from the Tracing directory. Also, I am attaching the junk.txt file we created.
Thanks again for all your help!
Thanks again for all your help!
Attached Files
#42
Posted 05 June 2012 - 10:48 AM
Run an elevated command prompt, as we did previously and type
Reboot
After the system has rebooted, try connecting again please
Fianlly, from an elevated commad prompt type
Copy the contents of winvista.txt from your desktop and paste in your next reply
netsh interface teredo set state disabledFollowed by enter
Reboot
After the system has rebooted, try connecting again please
Fianlly, from an elevated commad prompt type
ipconfig /all >%userprofile%\desktop\winvista.txt
Copy the contents of winvista.txt from your desktop and paste in your next reply
#43
Posted 05 June 2012 - 01:39 PM
I could connect, but I still can't navigate the internet. Still get the dns error in Chrome and ping a url doesn't work. Basically, just about everything is the same ... except it might be that one of my old internet connections has appeared in the menu "Connect to" but I don't use that connection anymore. I won't swear to it because I might have just overlooked it earlier.
Windows IP Configuration
Host Name . . . . . . . . . . . . : rnt-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
PPP adapter Localnet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Localnet
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 4.225.95.221(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-0F-E6-60
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-45-8D-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4e1:5fdd::4e1:5fdd(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B0F31E43-512B-499E-AAA1-E7828F7C5D43}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 17:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2863352B-78F6-4CA1-A9AD-693AF7C96463}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Windows IP Configuration
Host Name . . . . . . . . . . . . : rnt-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
PPP adapter Localnet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Localnet
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 4.225.95.221(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-0F-E6-60
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-45-8D-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4e1:5fdd::4e1:5fdd(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B0F31E43-512B-499E-AAA1-E7828F7C5D43}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 17:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2863352B-78F6-4CA1-A9AD-693AF7C96463}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
#44
Posted 06 June 2012 - 01:44 AM
Can you uninstall Kaspersky please, then run OTL again, press Quick Scan and post the log please
#45
Posted 06 June 2012 - 07:07 AM
I uninstalled Kaspersky. I even downloaded a special tool to uninstall Kaspersky when it doesn't completely uninstall. I don't know why those Kaspersky files keep showing up. I haven't used Kaspersky since January (when I first uninstalled it), but somehow it still has got a hold of my computer.
I don't know what to do. Kaspersky does not show up in the list of programs to uninstall, and apparently the uninstall tool also was not completely successful.
I don't know what to do. Kaspersky does not show up in the list of programs to uninstall, and apparently the uninstall tool also was not completely successful.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users