No Internet after Zeroaccess Removal [Solved]


  • This topic is locked

#31
winvista
  • Topic Starter
  • Member
  • 40 posts
I tried it, and it didn't change anything. I still can't ping and Chrome is giving me a dns error.

What I don't understand is why FSS says that the computer is blocked. I've always connected before running FSS so it's not like I wasn't connected. It's like there is some hidden firewall blocking me, but I removed all the security software before running ComboFix.
  • 0


#32
winvista
  • Topic Starter
  • Member
  • 40 posts
I have done some more investigating. The problem is that it connects to the internet just fine, but Windows doesn't seem to know that it is connected. When I ask it to diagnose and repair (right click the connection indicator in the lower right-hand corner), it comes back and tells me to plug in a LAN cable. This says to me that it is looking to the LAN adaptor for the internet even though I have set the dial-up connection as the default connection. Also, if I disable the adaptor, the diagnose and repair comes back to tell me to enable the adaptor. It should not be looking for the internet from that adaptor.

One other thing that I have noticed is that when I connect to the internet (via my dial-up modem), the little green globe on the connection indicator is not there. If I do an nslookup the little globe appears but ping and browsers still don't work.
  • 0

#33
azarl
    GeekU Admin
  • Administrator
  • 25,202 posts
OK, I'll take another look through the logs and get back ASAP
  • 0

#34
azarl
    GeekU Admin
  • Administrator
  • 25,202 posts
Firstly...
  • Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
sfc /scannow

When it finishes there should be a file, sfcdetails.txt, on your desktop. Please attach the file to your next reply.

Next...

Run OTL again and press the Quick Scan button. Please copy the log it produces and paste it into your reply.
  • 0

#35
azarl
    GeekU Admin
  • Administrator
  • 25,202 posts
Sorry, missed a stage out. The file sfcdetails.txt won't be on your desktop until you do the following:

  • Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt

  • 0
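
Added example, not part of the thread and not the poster's or Microsoft's code: CBS.log is appended to on every SFC run, so the sfcdetails.txt produced by the findstr command above can mix several scans. This Python sketch separates the scans and reports what the most recent one could and could not repair. The 30-minute gap used to split scans is an assumed heuristic, and the sample lines, file names and component names are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the shape of the [SR] lines that findstr pulls out of
# CBS.log; file names, component names and versions are made up.
SAMPLE = r"""
2012-05-26 21:10:03, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2012-05-26 21:10:03, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2012-05-26 21:10:09, Info                  CSI    00000009 [SR] Cannot repair member file [l:30{15}]"example_old.dll" of Example-Component-Old, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2012-05-26 21:10:15, Info                  CSI    0000000b [SR] Verify complete
2012-06-03 14:50:01, Info                  CSI    00000142 [SR] Verifying 100 (0x00000064) components
2012-06-03 14:50:01, Info                  CSI    00000143 [SR] Beginning Verify and Repair transaction
2012-06-03 14:50:07, Info                  CSI    00000145 [SR] Cannot repair member file [l:30{15}]"example_net.dll" of Example-Component-Net, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-06-03 14:50:08, Info                  CSI    00000147 [SR] Cannot repair member file [l:30{15}]"example_net.dll" of Example-Component-Net, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-06-03 14:50:12, Info                  CSI    0000014a [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.ini" from store
2012-06-03 14:50:20, Info                  CSI    0000014c [SR] Verify complete
"""

# timestamp, level, "CSI", hex sequence number, "[SR]", message
SR_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+[0-9a-fA-F]+ \[SR\] (.*)$")
CANNOT = re.compile(
    r'Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+),')
REPAIRED = re.compile(
    r'Repairing corrupted file .*\[l:\d+\{\d+\}\]"([^"]+)" from store')


def parse_sr(text):
    """Return (timestamp, message) for every [SR] line, oldest first."""
    entries = []
    for line in text.splitlines():
        m = SR_LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append((ts, m.group(2)))
    entries.sort(key=lambda e: e[0])
    return entries


def split_scans(entries, gap=timedelta(minutes=30)):
    """Group entries into scans; a pause longer than `gap` starts a new scan.

    SFC logs 'Beginning Verify and Repair transaction' once per batch of
    components, so that marker cannot be used to tell whole scans apart.
    The time-gap rule is an assumption of this example.
    """
    scans = []
    for ts, msg in entries:
        if not scans or ts - scans[-1][-1][0] > gap:
            scans.append([])
        scans[-1].append((ts, msg))
    return scans


def summarize(scan):
    """Collect repaired and unrepaired files of one scan, de-duplicated."""
    unrepaired, repaired = set(), set()
    for _, msg in scan:
        m = CANNOT.search(msg)
        if m:
            # The text after the last ", " is the reason SFC gives.
            reason = msg.rsplit(", ", 1)[-1]
            unrepaired.add((m.group(1), m.group(2), reason))
            continue
        m = REPAIRED.search(msg)
        if m:
            repaired.add(m.group(1))
    return {
        "start": scan[0][0],
        "end": scan[-1][0],
        "unrepaired": sorted(unrepaired),
        "repaired": sorted(repaired),
    }


def latest_scan(text, gap=timedelta(minutes=30)):
    """Summary of the most recent scan in the text, or None if no [SR] lines."""
    scans = split_scans(parse_sr(text), gap)
    return summarize(scans[-1]) if scans else None


if __name__ == "__main__":
    result = latest_scan(SAMPLE)
    print("Latest scan:", result["start"], "to", result["end"])
    for name, component, reason in result["unrepaired"]:
        print("  NOT repaired:", name, "(" + component + ") -", reason)
    for name in result["repaired"]:
        print("  repaired from store:", name)
```

Files listed as not repaired in the latest scan are the ones to follow up on; entries from earlier scans may already have been fixed by later runs or by other repair steps.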

#36
winvista
  • Topic Starter
  • Member
  • 40 posts
The sfcdetails.txt file is attached. I've run sfc before so it contains information from past scans as well. Here are the results of the latest OTL scan:

OTL logfile created on: 6/3/2012 3:18:08 PM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 68.10% Memory free
5.73 Gb Paging File | 4.93 Gb Available in Paging File | 86.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 45.50 Gb Free Space | 30.83% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 1.90 Gb Free Space | 53.89% Space Free | Partition Type: FAT32

Computer Name: RNT-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Windows\System32\drivers\ACFXAU32.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
MOD - C:\Program Files\Hp\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\Hp\Digital Imaging\bin\crm\xmlparse.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WPFFontCache_v0400) -- File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe File not found
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (XAudioService) -- C:\Windows\System32\drivers\ACFXAU32.exe (Conexant Systems, Inc.)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (pinger) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ezGOSvc) -- C:\Windows\System32\ezGOSvc.dll ()
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MpKsle679543d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B5D8087-BA63-4A2F-A7CC-0C8FF7404B6E}\MpKsle679543d.sys File not found
DRV - (MFE_RR) -- C:\Users\jeo\AppData\Local\Temp\mfe_rr.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (KLIF) -- system32\DRIVERS\klif.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IO_Memory) -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys File not found
DRV - (catchme) -- C:\Users\admin\AppData\Local\Temp\catchme.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (NWUSBCDFIL) -- C:\Windows\System32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\Windows\System32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (dgcfltr) -- C:\Windows\System32\drivers\ACFDCP32.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\ACFXAU32.sys (Conexant Systems, Inc.)
DRV - (acfva) -- C:\Windows\System32\drivers\ACFVA32.sys (Conexant Systems Inc.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\ACFSDK32.sys (Conexant)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (CA561) -- C:\Windows\System32\drivers\spca561.sys (SP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {5413DC04-8E8C-4D0A-B988-D5786D662FD9}
IE - HKLM\..\SearchScopes\{5413DC04-8E8C-4D0A-B988-D5786D662FD9}: "URL" = http://www.google.co...ge={startPage};
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2117678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\..\SearchScopes,DefaultScope = {5413DC04-8E8C-4D0A-B988-D5786D662FD9}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{93462E4E-B91F-4B9A-8184-4E527B169A32}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/15 20:57:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/15 19:06:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 20:58:28 | 000,000,000 | ---D | M]

[2012/01/15 02:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/17 11:18:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/15 21:59:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/11 15:16:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/14 01:06:53 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/08/02 09:27:02 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/05/28 15:06:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/03 15:01:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/05/30 22:31:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/30 22:28:00 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2012/05/30 22:27:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/30 22:14:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/30 21:31:08 | 000,100,864 | ---- | C] (Demonworks) -- C:\Users\admin\Desktop\gRaSP.exe
[2012/05/30 21:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/05/30 21:27:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/05/28 18:03:31 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe
[2012/05/28 14:55:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/28 14:55:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/28 14:55:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/28 14:55:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/28 14:40:30 | 004,530,271 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012/05/27 11:42:19 | 000,475,712 | ---- | C] (McAfee, Inc.) -- C:\rootkitremover.exe
[2012/05/27 11:21:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/26 12:29:41 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\OTL
[2012/05/25 23:39:40 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\WindowsForUs
[2012/05/25 23:36:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinBubble
[2012/05/25 23:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinBubble
[2012/05/25 00:31:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/24 22:11:54 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\log
[2012/05/24 22:11:48 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\TMRBLog
[2012/05/24 21:38:10 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\backups
[2012/05/24 21:31:41 | 008,656,400 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\RootkitBuster_v5_1061.exe
[2012/05/24 21:31:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
[2012/05/24 15:23:41 | 000,000,000 | ---D | C] -- C:\Users\admin\Pavark
[2012/05/24 11:30:09 | 000,475,712 | ---- | C] (McAfee, Inc.) -- C:\Users\admin\Desktop\rootkitremover.exe
[2012/05/24 02:45:57 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Microsoft Games
[2012/05/23 01:14:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Opera
[2012/05/23 01:14:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Opera
[2012/05/22 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\vlc
[2012/05/22 23:31:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2012/05/22 23:21:13 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012/05/22 23:01:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\admin\Desktop\aswMBR.exe
[2012/05/22 23:00:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\IObit
[2012/05/22 00:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/20 22:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/20 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\DLLSuite
[2012/05/18 23:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/18 23:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/18 17:50:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AbiSuite
[2012/05/15 15:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LocalNet
[2012/05/15 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FTL Shared
[2012/05/14 23:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Qualcomm
[2012/05/14 23:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2012/05/14 00:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/05/14 00:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/05/14 00:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/05/13 17:14:50 | 000,000,000 | ---D | C] -- C:\Windows\TempFA2B2319-FCE2-5246-1C6F-52F8D52354BF-Signatures
[2012/05/13 15:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\LocalNet
[2012/05/13 00:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/05/12 23:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/05/12 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\cfos6link

========== Files - Modified Within 30 Days ==========

[2012/06/03 15:03:07 | 000,612,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/03 15:03:07 | 000,106,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/03 15:03:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/03 14:41:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/03 14:41:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 14:41:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/02 22:41:06 | 2950,524,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 23:31:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ipconfig
[2012/05/30 22:31:52 | 000,483,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/30 20:47:08 | 000,379,392 | ---- | M] () -- C:\Users\admin\Desktop\subinacl.msi
[2012/05/30 14:17:44 | 000,100,864 | ---- | M] (Demonworks) -- C:\Users\admin\Desktop\gRaSP.exe
[2012/05/28 15:06:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/28 14:18:51 | 001,310,720 | ---- | M] () -- C:\Users\admin\NTUSER.bak
[2012/05/28 11:55:04 | 004,530,271 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012/05/27 14:16:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\admin\Desktop\aswMBR.exe
[2012/05/26 23:08:18 | 000,302,592 | ---- | M] () -- C:\Users\admin\Desktop\1vg7ccn1.exe
[2012/05/26 20:44:14 | 000,650,240 | ---- | M] () -- C:\Users\admin\Desktop\MicrosoftFixit50203.msi
[2012/05/26 00:36:20 | 000,044,786 | ---- | M] () -- C:\nettcpip.inf
[2012/05/25 23:36:55 | 000,001,595 | ---- | M] () -- C:\Users\admin\Desktop\WinBubbles.lnk
[2012/05/25 21:37:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/05/25 18:03:30 | 000,650,240 | ---- | M] () -- C:\MicrosoftFixit50203.msi
[2012/05/25 15:32:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/24 20:53:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
[2012/05/24 20:49:12 | 008,656,400 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\RootkitBuster_v5_1061.exe
[2012/05/24 16:56:32 | 000,001,042 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/05/24 15:19:26 | 001,020,640 | ---- | M] () -- C:\Users\admin\Desktop\antirootkit.exe
[2012/05/24 00:35:54 | 000,302,592 | ---- | M] () -- C:\Users\admin\Desktop\8n2b1bum.exe
[2012/05/23 23:58:06 | 000,003,070 | ---- | M] () -- C:\Users\admin\Desktop\Attach.zip
[2012/05/22 23:01:33 | 000,000,680 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2012/05/22 21:26:00 | 000,475,712 | ---- | M] (McAfee, Inc.) -- C:\Users\admin\Desktop\rootkitremover.exe
[2012/05/22 21:26:00 | 000,475,712 | ---- | M] (McAfee, Inc.) -- C:\rootkitremover.exe
[2012/05/22 00:02:48 | 000,337,639 | ---- | M] () -- C:\Users\admin\Desktop\FSS.exe
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe
[2012/05/19 14:35:01 | 000,000,614 | ---- | M] () -- C:\Windows\nsreg.dat
[2012/05/18 17:48:13 | 000,000,954 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/18 16:49:15 | 000,148,920 | ---- | M] () -- C:\Windows\hpoins19.dat
[2012/05/18 00:41:24 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2012/05/14 23:54:22 | 000,000,335 | ---- | M] () -- C:\Windows\mozregistry.dat
[2012/05/14 00:51:51 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/05/14 00:51:51 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk

========== Files Created - No Company Name ==========

[2012/06/01 23:31:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ipconfig
[2012/05/30 20:58:59 | 000,379,392 | ---- | C] () -- C:\Users\admin\Desktop\subinacl.msi
[2012/05/29 12:34:11 | 000,337,639 | ---- | C] () -- C:\Users\admin\Desktop\FSS.exe
[2012/05/28 14:55:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/28 14:55:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/28 14:55:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/28 14:55:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/28 14:55:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/26 00:37:45 | 000,044,786 | ---- | C] () -- C:\nettcpip.inf
[2012/05/25 23:36:55 | 000,001,595 | ---- | C] () -- C:\Users\admin\Desktop\WinBubbles.lnk
[2012/05/25 21:16:33 | 000,650,240 | ---- | C] () -- C:\MicrosoftFixit50203.msi
[2012/05/24 22:09:19 | 2950,524,928 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/24 16:56:32 | 000,001,042 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/05/24 15:23:04 | 001,020,640 | ---- | C] () -- C:\Users\admin\Desktop\antirootkit.exe
[2012/05/24 00:48:45 | 000,302,592 | ---- | C] () -- C:\Users\admin\Desktop\8n2b1bum.exe
[2012/05/23 23:53:52 | 000,003,070 | ---- | C] () -- C:\Users\admin\Desktop\Attach.zip
[2012/05/23 23:37:49 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2012/05/22 23:01:33 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2012/05/22 17:45:19 | 000,001,699 | ---- | C] () -- C:\Windows\Notepad.lnk
[2012/05/18 16:44:48 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/05/14 23:54:22 | 000,000,335 | ---- | C] () -- C:\Windows\mozregistry.dat
[2012/05/14 00:51:51 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/05/14 00:51:51 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/05/13 17:18:13 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/15 15:46:06 | 000,483,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/31 16:57:55 | 000,012,908 | -HS- | C] () -- C:\ProgramData\ara327au0mpx25ws6q613p7wrvbho2wq2awry
[2011/11/21 14:52:35 | 000,118,784 | ---- | C] () -- C:\Windows\ShowBmp.exe
[2011/11/21 14:52:35 | 000,014,385 | ---- | C] () -- C:\Windows\Tw561a.ini
[2011/11/21 14:52:35 | 000,000,081 | ---- | C] () -- C:\Windows\Setup8a.ini
[2011/11/15 21:58:49 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat3
[2011/11/15 21:58:49 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat3
[2011/11/04 22:57:39 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/11/04 22:57:39 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/11/04 22:57:39 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/11/04 22:57:39 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/11/04 22:57:39 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/06/03 13:10:57 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
[2011/05/28 16:04:33 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/05/28 16:04:32 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/05/28 16:04:02 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/05/04 22:08:31 | 000,000,020 | ---- | C] () -- C:\Windows\cmm.dat
[2011/05/04 22:07:57 | 000,000,186 | ---- | C] () -- C:\Windows\System32\CleanMem.ini
[2010/07/03 18:07:57 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

========== LOP Check ==========

[2012/05/22 23:00:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IObit
[2012/05/23 01:14:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Opera
[2011/11/18 17:59:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Yandex
[2012/06/02 22:40:12 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2D6E5D55
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E7833B2E
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:1EE5EBCB
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Attached Files


  • 0

#37
winvista

    Member

  • Topic Starter
  • 40 posts
I am attaching the results of a diagnostic scan that I did with the IOBit software. The main reason I'm doing this is because it shows the errors in the log file for Windows. I didn't make any changes when I ran this diagnostic scan.

Attached Files


  • 0

#38
azarl

    GeekU Admin

  • Administrator
  • 25,202 posts
Next...

Step 1
  • Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
ipconfig /all >%userprofile%\desktop\winvista.txt

Step 2
  • Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
net start >>%userprofile%\desktop\winvista.txt

Please copy the contents of winvista.txt, which will be on your desktop, and paste in your next reply

Step 3
We'll turn on PPP logging:
Open an elevated Command Prompt, as you did previously, then type the next three lines with an Enter after each line:

netsh
ras
netsh ras set tr * en

Now try connecting again please.

There should be a log file at C:\Windows\tracing\PPP.log. Please attach it to your reply.

Finally, turn off PPP logging by typing
netsh ras set tr * di
again from an elevated prompt.
  • 0

#39
winvista

    Member

  • Topic Starter
  • 40 posts
Windows IP Configuration

Host Name . . . . . . . . . . . . : rnt-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter Localnet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Localnet
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 4.225.92.240(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-0F-E6-60
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-45-8D-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4e1:5cf0::4e1:5cf0(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B0F31E43-512B-499E-AAA1-E7828F7C5D43}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2863352B-78F6-4CA1-A9AD-693AF7C96463}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
These Windows services are started:

Advanced SystemCare Service 5
Apple Mobile Device
Application Experience
Application Information
Application Layer Gateway Service
Ati External Event Utility
Background Intelligent Transfer Service
Base Filtering Engine
Bonjour Service
CNG Key Isolation
COM+ Event System
ConfigFree Service
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic System Host
Distributed Link Tracking Client
DNS Client
Easybits GO Services for Windows
Extensible Authentication Protocol
Function Discovery Resource Publication
Group Policy Client
HP CUE DeviceDiscovery Service
hpqcxs08
Human Interface Device Access
IP Helper
IPsec Policy Agent
KtmRm for Distributed Transaction Coordinator
Multimedia Class Scheduler
Net Driver HPZ12
Net.Tcp Port Sharing Service
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Plug and Play
Pml Driver HPZ12
Portable Device Enumerator Service
Program Compatibility Assistant Service
ReadyBoost
Remote Access Connection Manager
Remote Procedure Call (RPC)
Secondary Logon
Secure Socket Tunneling Protocol Service
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Software Licensing
SSDP Discovery
Superfetch
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
TOSHIBA Navi Support Service
TOSHIBA Power Saver
TOSHIBA SMART Log Service
UPnP Device Host
User Profile Service
Windows Audio
Windows Audio Endpoint Builder
Windows Driver Foundation - User-mode Driver Framework
Windows Error Reporting Service
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Mobile-2003-based device connectivity
Windows Mobile-based device connectivity
Windows Presentation Foundation Font Cache 3.0.0.0
Windows Search
Windows Time
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
WLAN AutoConfig
Workstation
XAudioService

The command completed successfully.

Attached Files

  • Attached File  PPP.LOG   16.5KB   41 downloads

  • 0

#40
azarl

    GeekU Admin

  • Administrator
  • 25,202 posts
Thanks for that.

Can you look in C:\Windows\Tracing\ and see if there are any other log files, particularly rras.log and/or rrasapi.log? If so, could you attach them please?

Next...

Run an elevated command prompt, as we did previously

Type each of these lines in the command window and press enter after each. Wait for each one to finish before starting the next.

ping 4.225.92.240 >>%userprofile%\desktop\junk.txt
tracert -d 64.136.173.4 >>%userprofile%\desktop\junk.txt
tracert -d 8.8.8.8 >>%userprofile%\desktop\junk.txt
nslookup att.com >>%userprofile%\desktop\junk.txt

Attach junk.txt from your desktop in your next reply please.
  • 0


#41
winvista

    Member

  • Topic Starter
  • 40 posts
Here are the files. I zipped all the non-empty files from the Tracing directory. Also, I am attaching the junk.txt file we created.

Thanks again for all your help!

Attached Files


  • 0

#42
azarl

    GeekU Admin

  • Administrator
  • 25,202 posts
Run an elevated command prompt, as we did previously and type


netsh interface teredo set state disabled
Followed by enter

Reboot

After the system has rebooted, try connecting again please


Finally, from an elevated command prompt, type

ipconfig /all >%userprofile%\desktop\winvista.txt

Copy the contents of winvista.txt from your desktop and paste in your next reply
  • 0

#43
winvista

    Member

  • Topic Starter
  • 40 posts
I could connect, but I still can't navigate the internet. Still get the dns error in Chrome and ping a url doesn't work. Basically, just about everything is the same ... except it might be that one of my old internet connections has appeared in the menu "Connect to" but I don't use that connection anymore. I won't swear to it because I might have just overlooked it earlier.







Windows IP Configuration

Host Name . . . . . . . . . . . . : rnt-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter Localnet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Localnet
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 4.225.95.221(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-0F-E6-60
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-45-8D-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4e1:5fdd::4e1:5fdd(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B0F31E43-512B-499E-AAA1-E7828F7C5D43}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2863352B-78F6-4CA1-A9AD-693AF7C96463}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
  • 0
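
The two `ipconfig /all` pastes in posts #39 and #43 can be checked mechanically. This is an added example, not part of the original thread: a Python parser for that output that lists the adapters actually holding an address and decodes the IPv4 address embedded in a 6to4 (2002::/16) address. The function names and the trimmed sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, trimmed from the `ipconfig /all` paste in post #43.
SAMPLE = """\
Windows IP Configuration

PPP adapter Localnet:

IPv4 Address. . . . . . . . . . . : 4.225.95.221(Preferred)
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Tunnel adapter Local Area Connection* 14:

IPv6 Address. . . . . . . . . . . : 2002:4e1:5fdd::4e1:5fdd(Preferred)
"""

# Split on the dot leader before ":" so colons inside IPv6 values survive.
FIELD = re.compile(r"^(.*?)\s*(?:\.\s*)+:\s*(.*)$")

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; bare lines continue the previous field."""
    adapters, current, last = {}, None, None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = FIELD.match(line)
        if m is None and line.endswith(":") and " adapter " in line:
            current, last = adapters.setdefault(line[:-1], {}), None
        elif m and current is not None:
            last = current.setdefault(m.group(1), [])
            if m.group(2):
                last.append(m.group(2))
        elif m is None and last is not None:
            last.append(line)  # continuation, e.g. the second DNS server
    return adapters

def address(fields, key):
    """First value of an address field without its '(Preferred)' suffix, or None."""
    values = fields.get(key)
    return ipaddress.ip_address(values[0].split("(")[0]) if values else None

def active_adapters(adapters):
    """Adapters that hold an address; 'Media disconnected' ones have none."""
    return [name for name, f in adapters.items()
            if any(address(f, k) is not None for k in ("IPv4 Address", "IPv6 Address"))]

def sixtofour_sources(adapters):
    """Map each 6to4 adapter to (embedded IPv4, whether this host holds that IPv4)."""
    own = {address(f, "IPv4 Address") for f in adapters.values()}
    out = {}
    for name, f in adapters.items():
        v4 = getattr(address(f, "IPv6 Address"), "sixtofour", None)
        if v4 is not None:  # None unless the address is in 2002::/16
            out[name] = (str(v4), v4 in own)
    return out
```

On both pastes the 6to4 address decodes to the dial-up address of that session (4.225.92.240 in post #39, 4.225.95.221 in post #43), so the only adapters holding addresses are the PPP link and the 6to4 tunnel derived from it. Pass only the `ipconfig` part of winvista.txt; the `net start` list appended in Step 2 is not parsed.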

#44
azarl

    GeekU Admin

  • Administrator
  • 25,202 posts
Can you uninstall Kaspersky please, then run OTL again, press Quick Scan and post the log please
  • 0

#45
winvista

    Member

  • Topic Starter
  • 40 posts
I uninstalled Kaspersky. I even downloaded a special tool to uninstall Kaspersky when it doesn't completely uninstall. I don't know why those Kaspersky files keep showing up. I haven't used Kaspersky since January (when I first uninstalled it), but somehow it still has got a hold of my computer.

I don't know what to do. Kaspersky does not show up in the list of programs to uninstall, and apparently the uninstall tool also was not completely successful.
  • 0





