Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer slow + Google redirects + windows opening on their own

Started by Leo2012 , Jan 20 2012 10:00 PM

  • Please log in to reply

#16
Cookiegal
Posted 25 January 2012 - 06:22 PM

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 889 posts
Please run SystemLook again with the following script:

:filefind
ipsec.*


Also, please run Farbar again and type the following in the search box:

dhcp;tcpip

Click "Export Service" and post the log it makes (FSS.txt).
  • 0

Advertisements

#17
Leo2012
Posted 25 January 2012 - 06:44 PM

Leo2012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
SystemLook 30.07.11 by jpshortstuff
Log created at 19:36 on 25/01/2012 by Ziad
Administrator - Elevation successful

========== filefind ==========

Searching for "ipsec.*"
C:\I386\IPSEC.SY_ --a---- 39956 bytes [20:01 21/07/2008] [12:00 14/04/2008] 831C0ED52C21602AE3F735A1F04055E1
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [20:04 21/07/2008] [12:00 14/04/2008] 1A53F4D2F31A3E72CE5E1DFE1AF6EA1F

-= EOF =-


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="DHCP Client"
"Group"="TDI"
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\
00,00,4e,00,65,00,74,00,42,00,54,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Manages network configuration by registering and updating IP addresses and DNS names."

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Configurations]
"Options"=hex:32,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,\
00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,ff,ff,ff,7f,00,00,\
00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Linkage]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Linkage\Disabled]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,68,00,63,00,70,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
00
"{532EEB6E-71EE-40C8-A991-15118FBE5AAD}"=hex:2e,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,86,27,ed,49,2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
86,27,ed,49,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,86,27,ed,49,03,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,86,27,ed,49,51,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,86,27,ed,49,01,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,86,27,ed,49,36,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
86,27,ed,49,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,86,27,ed,49,3b,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,86,27,ed,49,3a,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,86,27,ed,49,35,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,86,27,ed,49
"{80BCD92F-3511-4F5E-929D-EA243BBFD5F6}"=hex:2e,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,b4,29,ed,49,2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
b4,29,ed,49,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,b4,29,ed,49,03,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,b4,29,ed,49,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,b4,29,ed,49,36,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,b4,29,ed,49,35,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
b4,29,ed,49,51,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,b4,29,ed,49,33,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,b4,29,ed,49,3b,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,b4,29,ed,49,3a,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,b4,29,ed,49
"{4E3B5107-3322-4E5B-82C2-E531228C7609}"=hex:2e,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,18,eb,ed,49,2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
18,eb,ed,49,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,18,eb,ed,49,03,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,18,eb,ed,49,51,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,18,eb,ed,49,01,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,18,eb,ed,49,36,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
18,eb,ed,49,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,18,eb,ed,49,3b,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,18,eb,ed,49,3a,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,18,eb,ed,49,35,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,18,eb,ed,49
"{C7BE68E5-9583-4DE0-A20F-05A1A820F0BE}"=hex:fc,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,5c,45,c9,4a,06,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,\
d7,78,aa,4c,0a,0a,40,01,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,d7,\
78,aa,4c,ff,ff,f0,00,33,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,d7,78,\
aa,4c,01,e1,33,80,36,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,d7,78,aa,\
4c,0a,0a,4f,fe,35,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,d7,78,aa,4c,\
05,00,00,00
"{6F7EDDB3-7337-42F1-B204-A5A8534D6973}"=hex:fc,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,7e,2d,d2,4c,06,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,\
b2,60,b3,4e,0a,3d,38,01,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,b2,\
60,b3,4e,ff,ff,f8,00,33,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,b2,60,\
b3,4e,01,e1,33,80,36,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,b2,60,b3,\
4e,0a,3d,3f,fe,35,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,b2,60,b3,4e,\
05,00,00,00
"{CD516BC3-4B82-443E-BCD3-29EDD4A14E94}"=hex:fc,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,8e,f6,1d,4f,36,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,\
1c,2e,27,4f,c0,a8,00,01,33,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,1c,\
2e,27,4f,00,09,3a,80,17,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,1c,2e,\
27,4f,40,00,00,00,06,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,1c,2e,27,\
4f,40,47,ff,c6,03,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,1c,2e,27,4f,\
c0,a8,00,01,02,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,1c,2e,27,4f,00,\
00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,00,00,00,00,1c,2e,27,4f,ff,ff,\
ff,00,35,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,1c,2e,27,4f,05,00,00,\
00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\1]
"KeyType"=dword:00000007
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,53,00,75,00,62,00,6e,00,\
65,00,74,00,4d,00,61,00,73,00,6b,00,4f,00,70,00,74,00,00,00,53,00,59,00,53,\
00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,43,00,\
6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,73,00,5c,00,3f,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,44,00,68,00,63,00,70,00,53,00,75,00,62,00,6e,00,65,00,74,00,4d,00,61,00,\
73,00,6b,00,4f,00,70,00,74,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\15]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,44,00,6f,00,6d,00,61,00,\
69,00,6e,00,00,00,53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,49,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,44,00,68,00,63,00,70,00,44,00,6f,00,6d,00,61,00,69,\
00,6e,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\220]
"KeyType"=dword:00000003
"VendorType"=dword:00000001
"RegSendLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,\
72,00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,\
00,65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,\
54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,\
00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,\
65,00,73,00,5c,00,3f,00,5c,00,53,00,6f,00,48,00,52,00,65,00,71,00,75,00,65,\
00,73,00,74,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\3]
"KeyType"=dword:00000007
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,44,00,65,00,66,00,61,00,\
75,00,6c,00,74,00,47,00,61,00,74,00,65,00,77,00,61,00,79,00,00,00,53,00,59,\
00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,\
43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,53,00,65,\
00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,3f,00,5c,00,50,00,61,00,72,00,\
61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,54,00,63,00,70,00,69,00,70,\
00,5c,00,44,00,68,00,63,00,70,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,\
47,00,61,00,74,00,65,00,77,00,61,00,79,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\44]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,4e,\
00,65,00,74,00,42,00,54,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,3f,00,5c,00,44,00,68,00,\
63,00,70,00,4e,00,61,00,6d,00,65,00,53,00,65,00,72,00,76,00,65,00,72,00,4c,\
00,69,00,73,00,74,00,00,00,53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,\
75,00,72,00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,\
00,53,00,65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,\
5c,00,4e,00,65,00,74,00,42,00,54,00,5c,00,41,00,64,00,61,00,70,00,74,00,65,\
00,72,00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,4e,00,61,00,6d,00,\
65,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\46]
"KeyType"=dword:00000004
"RegLocation"="SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\DhcpNodeType"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\47]
"KeyType"=dword:00000001
"RegLocation"="SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters\\DhcpScopeID"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\6]
"KeyType"=dword:00000001
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,54,\
00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,3f,00,5c,00,44,00,68,00,63,00,70,00,4e,00,61,00,6d,00,65,00,\
53,00,65,00,72,00,76,00,65,00,72,00,00,00,53,00,59,00,53,00,54,00,45,00,4d,\
00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,\
72,00,6f,00,6c,00,53,00,65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,73,00,5c,00,54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,\
61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,44,00,68,00,63,00,70,00,4e,\
00,61,00,6d,00,65,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Parameters\Options\DhcpNetbiosOptions]
"KeyType"=dword:00000004
"OptionId"=dword:00000001
"VendorType"=dword:00000001
"RegLocation"=hex(7):53,00,59,00,53,00,54,00,45,00,4d,00,5c,00,43,00,75,00,72,\
00,72,00,65,00,6e,00,74,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,53,00,\
65,00,74,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,5c,00,4e,\
00,65,00,74,00,42,00,54,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,\
65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,\
00,73,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,3f,00,5c,00,44,00,68,00,\
63,00,70,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,4f,00,70,00,74,00,69,\
00,6f,00,6e,00,73,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
2c,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\dhcp\Enum]
"0"="Root\\LEGACY_DHCP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000003
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,74,00,63,00,70,00,69,00,70,00,2e,\
00,73,00,79,00,73,00,00,00
"DisplayName"="TCP/IP Protocol Driver"
"Group"="PNP_TDI"
"DependOnService"=hex(7):49,00,50,00,53,00,65,00,63,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"Description"="TCP/IP Protocol Driver"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Linkage]
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,39,00,43,\
00,37,00,46,00,43,00,33,00,43,00,35,00,2d,00,32,00,37,00,42,00,41,00,2d,00,\
34,00,37,00,42,00,41,00,2d,00,42,00,33,00,41,00,39,00,2d,00,46,00,33,00,46,\
00,34,00,37,00,37,00,32,00,44,00,37,00,44,00,43,00,38,00,7d,00,00,00,5c,00,\
44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,37,00,35,00,38,00,41,00,37,\
00,42,00,36,00,41,00,2d,00,44,00,42,00,43,00,46,00,2d,00,34,00,39,00,32,00,\
39,00,2d,00,41,00,42,00,34,00,33,00,2d,00,38,00,39,00,44,00,42,00,38,00,38,\
00,34,00,33,00,39,00,43,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,\
69,00,63,00,65,00,5c,00,7b,00,30,00,35,00,33,00,43,00,39,00,35,00,46,00,42,\
00,2d,00,45,00,36,00,30,00,46,00,2d,00,34,00,39,00,33,00,42,00,2d,00,42,00,\
32,00,36,00,39,00,2d,00,35,00,36,00,45,00,37,00,38,00,35,00,31,00,34,00,31,\
00,35,00,42,00,38,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,\
5c,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,00,00,00,00,00
"Route"=hex(7):22,00,7b,00,39,00,43,00,37,00,46,00,43,00,33,00,43,00,35,00,2d,\
00,32,00,37,00,42,00,41,00,2d,00,34,00,37,00,42,00,41,00,2d,00,42,00,33,00,\
41,00,39,00,2d,00,46,00,33,00,46,00,34,00,37,00,37,00,32,00,44,00,37,00,44,\
00,43,00,38,00,7d,00,22,00,00,00,22,00,7b,00,37,00,35,00,38,00,41,00,37,00,\
42,00,36,00,41,00,2d,00,44,00,42,00,43,00,46,00,2d,00,34,00,39,00,32,00,39,\
00,2d,00,41,00,42,00,34,00,33,00,2d,00,38,00,39,00,44,00,42,00,38,00,38,00,\
34,00,33,00,39,00,43,00,39,00,43,00,7d,00,22,00,00,00,22,00,7b,00,30,00,35,\
00,33,00,43,00,39,00,35,00,46,00,42,00,2d,00,45,00,36,00,30,00,46,00,2d,00,\
34,00,39,00,33,00,42,00,2d,00,42,00,32,00,36,00,39,00,2d,00,35,00,36,00,45,\
00,37,00,38,00,35,00,31,00,34,00,31,00,35,00,42,00,38,00,7d,00,22,00,00,00,\
22,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,00,49,00,70,00,22,00,00,00,00,\
00
"Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,\
00,69,00,70,00,5f,00,7b,00,39,00,43,00,37,00,46,00,43,00,33,00,43,00,35,00,\
2d,00,32,00,37,00,42,00,41,00,2d,00,34,00,37,00,42,00,41,00,2d,00,42,00,33,\
00,41,00,39,00,2d,00,46,00,33,00,46,00,34,00,37,00,37,00,32,00,44,00,37,00,\
44,00,43,00,38,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,\
00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,37,00,35,00,38,00,41,00,37,00,\
42,00,36,00,41,00,2d,00,44,00,42,00,43,00,46,00,2d,00,34,00,39,00,32,00,39,\
00,2d,00,41,00,42,00,34,00,33,00,2d,00,38,00,39,00,44,00,42,00,38,00,38,00,\
34,00,33,00,39,00,43,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,\
00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,30,00,35,00,\
33,00,43,00,39,00,35,00,46,00,42,00,2d,00,45,00,36,00,30,00,46,00,2d,00,34,\
00,39,00,33,00,42,00,2d,00,42,00,32,00,36,00,39,00,2d,00,35,00,36,00,45,00,\
37,00,38,00,35,00,31,00,34,00,31,00,35,00,42,00,38,00,7d,00,00,00,5c,00,44,\
00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,\
7b,00,30,00,34,00,45,00,45,00,36,00,41,00,33,00,30,00,2d,00,37,00,37,00,32,\
00,41,00,2d,00,34,00,35,00,32,00,35,00,2d,00,39,00,37,00,39,00,41,00,2d,00,\
43,00,38,00,38,00,45,00,38,00,35,00,43,00,33,00,41,00,30,00,46,00,34,00,7d,\
00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,\
69,00,70,00,5f,00,7b,00,37,00,41,00,44,00,43,00,31,00,39,00,43,00,31,00,2d,\
00,44,00,34,00,35,00,43,00,2d,00,34,00,32,00,35,00,36,00,2d,00,39,00,31,00,\
42,00,39,00,2d,00,45,00,33,00,41,00,43,00,36,00,30,00,32,00,37,00,37,00,46,\
00,37,00,45,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters]
"NV Hostname"="LENOVO-D4F96F23"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="LENOVO-D4F96F23"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"DhcpNameServer"="64.71.255.198"
"EnableICMPRedirect"=dword:00000001
"EnableSecurityFilters"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,34,00,45,00,45,00,36,00,41,00,\
33,00,30,00,2d,00,37,00,37,00,32,00,41,00,2d,00,34,00,35,00,32,00,35,00,2d,\
00,39,00,37,00,39,00,41,00,2d,00,43,00,38,00,38,00,45,00,38,00,35,00,43,00,\
33,00,41,00,30,00,46,00,34,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,41,\
00,44,00,43,00,31,00,39,00,43,00,31,00,2d,00,44,00,34,00,35,00,43,00,2d,00,\
34,00,32,00,35,00,36,00,2d,00,39,00,31,00,42,00,39,00,2d,00,45,00,33,00,41,\
00,43,00,36,00,30,00,32,00,37,00,37,00,46,00,37,00,45,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:30,6a,ee,04,2a,77,25,45,97,9a,c8,8e,85,c3,a0,f4,c1,19,dc,7a,\
5c,d4,56,42,91,b9,e3,ac,60,27,7f,7e

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Adapters\{053C95FB-E60F-493B-B269-56E7851415B8}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,35,00,33,00,43,00,39,00,35,00,\
46,00,42,00,2d,00,45,00,36,00,30,00,46,00,2d,00,34,00,39,00,33,00,42,00,2d,\
00,42,00,32,00,36,00,39,00,2d,00,35,00,36,00,45,00,37,00,38,00,35,00,31,00,\
34,00,31,00,35,00,42,00,38,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Adapters\{758A7B6A-DBCF-4929-AB43-89DB88439C9C}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,35,00,38,00,41,00,37,00,42,00,\
36,00,41,00,2d,00,44,00,42,00,43,00,46,00,2d,00,34,00,39,00,32,00,39,00,2d,\
00,41,00,42,00,34,00,33,00,2d,00,38,00,39,00,44,00,42,00,38,00,38,00,34,00,\
33,00,39,00,43,00,39,00,43,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Adapters\{9C7FC3C5-27BA-47BA-B3A9-F3F4772D7DC8}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,39,00,43,00,37,00,46,00,43,00,33,00,\
43,00,35,00,2d,00,32,00,37,00,42,00,41,00,2d,00,34,00,37,00,42,00,41,00,2d,\
00,42,00,33,00,41,00,39,00,2d,00,46,00,33,00,46,00,34,00,37,00,37,00,32,00,\
44,00,37,00,44,00,43,00,38,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\DNSRegisteredAdapters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Interfaces\{04EE6A30-772A-4525-979A-C88E85C3A0F4}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Interfaces\{053C95FB-E60F-493B-B269-56E7851415B8}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpClassIdBin"=hex:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Interfaces\{758A7B6A-DBCF-4929-AB43-89DB88439C9C}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
33,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000000
"LeaseObtainedTime"=dword:4eed17a0
"T1"=dword:4eed17a0
"T2"=dword:4eed17a0
"LeaseTerminatesTime"=dword:7fffffff
"IPAutoconfigurationAddress"="169.254.238.233"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000001
"IsServerNapAware"=dword:00000000
"DhcpIPAddress"="169.254.238.233"
"DhcpSubnetMask"="255.255.0.0"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Interfaces\{7ADC19C1-D45C-4256-91B9-E3AC60277F7E}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Interfaces\{9C7FC3C5-27BA-47BA-B3A9-F3F4772D7DC8}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\PersistentRoutes]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Performance]
"Close"="CloseTcpIpPerformanceData"
"Collect"="CollectTcpIpPerformanceData"
"Library"="Perfctrs.dll"
"Open"="OpenTcpIpPerformanceData"
"Object List"="502 510 546 582 638 658"
"WbemAdapFileSignature"=hex:db,e2,b6,23,53,66,0e,cc,a0,d7,5e,a3,07,a7,17,e9
"WbemAdapFileTime"=hex:22,80,0c,03,6d,eb,c8,01
"WbemAdapFileSize"=dword:00009c00
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\ServiceProvider]
"Class"=dword:00000008
"DnsPriority"=dword:000007d0
"HostsPriority"=dword:000001f4
"LocalPriority"=dword:000001f3
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,6f,00,63,00,6b,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"NetbtPriority"=dword:000007d1
"Name"="TCP/IP"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\tcpip\Enum]
"0"="Root\\LEGACY_TCPIP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
"INITSTARTFAILED"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_dhcp]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_dhcp\0000]
"Service"="Dhcp"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="DHCP Client"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_tcpip]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_tcpip\0000]
"Service"="Tcpip"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="TCP/IP Protocol Driver"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\\0040"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_tcpip\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_tcpip\0000\Control]
  • 0

#18
Cookiegal
Posted 25 January 2012 - 07:49 PM

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 889 posts
Navigate to this file:

C:\WINDOWS\system32\drivers\ipsec.sys

Right-click the ipsec.sys file and select "rename" and change the file extension from .sys to .old.

Then go to Start - Run - type in cmd to open a command prompt.

Type the following and press Enter (be sure to include the spaces between "expand" and "C:" and between IPSEC.SY_ and C:\WINDOWS)

expand C:\i386\IPSEC.SY_ C:\WINDOWS\system32\drivers\ipsec.sys

Then reboot the machine and see if you can connect to the Internet. If not, please run the basic Farbar scan and post the resulting log.
  • 0

#19
Leo2012
Posted 26 January 2012 - 05:46 PM

Leo2012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Many thanks Cookiegal! I was able to connect to the Internet!

My computer is extremely slow though! Are all the viruses gone?

Which Malware removal program do you recommend that I install?
  • 0

#20
Cookiegal
Posted 26 January 2012 - 06:00 PM

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 889 posts
We still have more to do but that's good news.

You're running Avira and MalwareBytes aren't you? Those are both good to keep.

Download OTS.exe to your Desktop.
  • Close any open browsers.
  • If your Real protection or Antivirus interferes with OTS, allow it to run.
  • Double-click on OTS.exe to start the program.
  • Under the Additional Scans section put a check in the box next to Disabled MS Config Items, Drivers32, NetSvcs, SafeBoot Minimal and EventViewer logs (Last 10 errors)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file.
Use the Reply button, scroll down to the attachments section and attach the notepad file here.
  • 0

#21
Leo2012
Posted 27 January 2012 - 06:03 AM

Leo2012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hi Cookiegal, please find attached OTS report file as well as a screen shot of a Malware detection by Avira. I clicked on remove.

Attached Thumbnails

  • Avira Message.JPG

Attached Files


  • 0

#22
Cookiegal
Posted 27 January 2012 - 10:16 AM

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 889 posts
That's good. I was going to have you delete that file in the next round. The original ipsec.sys file was patched (infected) and that's what was preventing the Internet connection. I discovered there was another copy that was a compressed file so we expanded it and used it in place of the infected one, which restored your connection. I renamed it to ipsec.old first though because otherwise the command would have overwritten the file and it was the only other one we had, in case something went wrong.

Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Ziad\Application Data\Mozilla\FireFox\Profiles\du0089co.default\prefs.js
YN -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
YN -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
YN -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
YN -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
YN -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  3 C:\Documents and Settings\Ziad\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Ziad\Local Settings\temp\*.tmp
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files - No Company Name]
NY ->  mofulipu -> C:\WINDOWS\System32\mofulipu
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]

  • 0

#23
Leo2012
Posted 27 January 2012 - 07:49 PM

Leo2012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Thanks again Cookiegal :) You have no idea how much I appreciate your help!!

Here's OTS log file followed by HijackThis log:

All Processes Killed
[Registry - Safe List]
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Ziad\Local Settings\temp\859A95E3.TMP deleted successfully.
C:\Documents and Settings\Ziad\Local Settings\temp\is-11UAG.tmp\soref.dll deleted successfully.
C:\Documents and Settings\Ziad\Local Settings\temp\is-11UAG.tmp folder deleted successfully.
[Files - No Company Name]
C:\WINDOWS\System32\mofulipu moved successfully.
[Empty Temp Folders]


User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9584774 bytes
->Java cache emptied: 48611 bytes
->Flash cache emptied: 20062 bytes

User: Ziad
->Temp folder emptied: 3301807 bytes
->Temporary Internet Files folder emptied: 13490981 bytes
->Java cache emptied: 7801846 bytes
->FireFox cache emptied: 180024899 bytes
->Flash cache emptied: 242338 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81920 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 205.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Ziad
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

User: Ziad
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 01272012_181059

Files\Folders moved on Reboot...
C:\WINDOWS\temp\T30DebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:45:17 PM, on 1/27/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\QSTART.SYS\config\DVMExportService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: PicNotify - PicNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\QSTART.SYS\config\DVMExportService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 12193 bytes

Edited by Leo2012, 27 January 2012 - 07:53 PM.

  • 0

#24
Cookiegal
Posted 27 January 2012 - 08:20 PM

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 889 posts
Please run aswmbr again and post the new log.
  • 0

#25
Leo2012
Posted 27 January 2012 - 09:23 PM

Leo2012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hey, I ran aswmbr again but it didn't create a log. Windows re-booted though and said that my computer recovered from this serious error: Stop (blue screen) error caused by a device or driver.
  • 0

Advertisements

#26
Cookiegal
Posted 28 January 2012 - 07:57 AM

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 889 posts
Please go here and download the TDSSKiller.exe to your desktop.

  • Double-click to TDSSKiller.exe on your desktop to run it.
  • Click on Start Scan
  • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.
  • 0

#27
Leo2012
Posted 28 January 2012 - 10:03 AM

Leo2012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hey, I ran TDSSKiller.exe but it said "no threats were found"
  • 0

#28
Cookiegal
Posted 28 January 2012 - 11:04 AM

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 889 posts
When you ran aswmbr, did you click on any of the Fix buttons?
  • 0

#29
Leo2012
Posted 28 January 2012 - 04:55 PM

Leo2012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Nope, I didn't click Fix. I actually didn't see any options to click.
  • 0

#30
Cookiegal
Posted 28 January 2012 - 05:21 PM

Cookiegal

    Visiting Consultant

  • Visiting Consultant
  • 889 posts
Please go to VirusTotal and upload the following file for scanning.
  • Click Browse
  • Copy and paste the contents of the following code box into the text box next to File name: then click Open 
    c:\windows\system32\drivers\ipsec.sys
  • Click Send File
  • If confronted with two options, choose Reanalyse file now
  • Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP