Solved Svchost.exe and trojan horse downloader.generic12.bpnf

OK, we have:
Localhost is blocked.

Let's try to uninstall/reinstall TCP/IP stack.

1. Download winsock.zip
Unzip it.
Right click on Winsock.reg, click "Merge".
Allow registry merge.

2. Restart computer.

3. Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
  • On the General tab, click Install; a popup window opens.
  • Select Protocol from the list and then click Add.
  • A new window opens, click Have Disk....
  • In the browse... box type c:\windows\inf
  • Click OK.
  • Select Internet Protocol (TCP/IP), and then click OK.
  • Restart and check the connection.

Post new FSS log as well.
 
Upon reboot, the application error message was gone and reboot was fast as before. Network and Internet seem to be running okay. New FSS log:

Farbar Service Scanner Version: 24-04-2012
Ran by S-Industries (administrator) on 28-04-2012 at 23:45:21
Running from "C:\Documents and Settings\S-Industries\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(6) IPSec(4) MDC8021X(9) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000
IpSec Tag value is correct.
**** End of log ****
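
Added example, not part of the original thread and not Farbar's code: a Python parser for the FSS report layout shown above. It lists the items a reviewer reads off such a report: connection lines that are not "accessible"/"connected", registry values listed under a "Disabled Policy" heading, and File Check entries whose status is not "MD5 is legit". The sample log is constructed, the `example.dll` line and its status text are made up, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the FSS report posted above. The
# example.dll line and its status text are made up to exercise the
# "not legit" path; they are not real FSS output.
SAMPLE_FSS_LOG = r"""
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

File Check:
========
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\example.dll => CONSTRUCTED STATUS, NOT LEGIT
Extra List:
=======
IpSec Tag value is correct.
**** End of log ****
"""

REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')
FILE_LINE = re.compile(r"^([A-Za-z]:\\.+?) => (.+)$")


def parse_fss(text):
    """Split an FSS report into connection lines, registry values and file checks."""
    report = {"connection": [], "policies": [], "files": [], "notes": []}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, "=====" underlines and "****" banner lines.
        if not line or set(line) <= {"="} or line.startswith("****"):
            continue
        if m := FILE_LINE.match(line):
            report["files"].append({"path": m[1], "status": m[2]})
        elif m := REG_KEY.match(line):
            key = m[1]
        elif m := REG_VALUE.match(line):
            # A registry value belongs to the heading and key seen just before it.
            report["policies"].append(
                {"section": section, "key": key,
                 "name": m[1], "type": m[2], "data": m[3]})
        elif line.endswith(":"):
            section, key = line[:-1], None
        elif section == "Connection Status":
            report["connection"].append(line)
        else:
            report["notes"].append((section, line))
    return report


def findings(report):
    """Return the lines of the report that need a second look, in report order."""
    out = []
    for status in report["connection"]:
        # "Localhost is blocked." (seen earlier in the thread) lands here.
        if not status.endswith(("accessible.", "connected.")):
            out.append(f"connection: {status}")
    for p in report["policies"]:
        # Anything FSS prints under a "... Disabled Policy" heading is listed.
        if (p["section"] or "").endswith("Disabled Policy"):
            out.append(f"policy: {p['section']}: {p['key']}\\{p['name']}"
                       f" = {p['type']}:{p['data']}")
    for f in report["files"]:
        if f["status"] != "MD5 is legit":
            out.append(f"file: {f['path']} => {f['status']}")
    return out


if __name__ == "__main__":
    for item in findings(parse_fss(SAMPLE_FSS_LOG)):
        print(item)
```
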
 
Excellent!
FSS log looks good :)

Calling it a night, but if you still have some time...

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL log, part 1:

OTL logfile created on: 4/29/2012 12:10:52 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\S-Industries\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 682.26 Mb Available Physical Memory | 66.76% Memory free
1.90 Gb Paging File | 1.69 Gb Available in Paging File | 89.01% Paging File free
Paging file location(s): C:\pagefile.sys 1021 1221 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.20 Gb Total Space | 44.69 Gb Free Space | 62.77% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 2.22 Gb Free Space | 59.50% Space Free | Partition Type: FAT32
Drive F: | 6.04 Gb Total Space | 2.20 Gb Free Space | 36.36% Space Free | Partition Type: FAT32

Computer Name: SERVICEPC | User Name: S-Industries | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/29 00:03:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S-Industries\Desktop\OTL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2004/09/20 02:29:48 | 000,139,264 | ---- | M] (OTi) -- C:\WINDOWS\system32\UStorSrv.exe
PRC - [2004/07/20 09:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/06/14 21:09:06 | 000,073,728 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2001/08/01 08:42:46 | 000,028,112 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\ZoneLabs\minilog.exe
PRC - [2001/08/01 08:42:42 | 000,876,560 | ---- | M] (Zone Labs Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
PRC - [2001/08/01 08:42:28 | 000,481,072 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2004/09/20 02:13:28 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\OPDSL.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\dlbxcoms.exe -- (dlbx_device)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/03/07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/09 18:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2004/09/20 02:29:48 | 000,139,264 | ---- | M] (OTi) [Auto | Running] -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\system32\Brmfrmps.exe -- (brmfrmps)
SRV - [2001/08/01 08:42:46 | 000,028,112 | ---- | M] (Zone Labs Inc.) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\minilog.exe -- (minilog)
SRV - [2001/08/01 08:42:28 | 000,481,072 | ---- | M] (Zone Labs Inc.) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS -- (DNINDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2009/12/16 14:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 14:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/08 14:49:44 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/11 23:16:37 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/04/22 00:09:00 | 000,120,448 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/01 08:42:36 | 000,100,576 | ---- | M] (Zone Labs Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-384876645-338377584-626785776-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-384876645-338377584-626785776-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-384876645-338377584-626785776-1007\..\SearchScopes,DefaultScope = {54468F84-B2BB-4D9F-9D00-4289C3B57612}
IE - HKU\S-1-5-21-384876645-338377584-626785776-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-384876645-338377584-626785776-1007\..\SearchScopes\{54468F84-B2BB-4D9F-9D00-4289C3B57612}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-384876645-338377584-626785776-1007\..\SearchScopes\{571F9CBE-2EE8-4243-BA87-00CF871AE43B}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=1687&l=dir
IE - HKU\S-1-5-21-384876645-338377584-626785776-1007\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...49f56794b87&lang=en&ds=AVG&pr=fr&d=2011-10-17 20:54:03&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-384876645-338377584-626785776-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-384876645-338377584-626785776-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://ww.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/09 21:06:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 11:57:52 | 000,000,000 | ---D | M]

[2010/12/29 20:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\S-Industries\Application Data\Mozilla\Extensions
[2010/12/29 20:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\S-Industries\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/03/31 10:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\S-Industries\Application Data\Mozilla\Firefox\Profiles\nzcrakwz.default\extensions
[2008/12/03 16:07:19 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\S-Industries\Application Data\Mozilla\Firefox\Profiles\nzcrakwz.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2008/07/17 14:56:45 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Documents and Settings\S-Industries\Application Data\Mozilla\Firefox\Profiles\nzcrakwz.default\extensions\yyginstantplay@yoyogames.com
[2012/03/31 10:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/25 17:02:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/10 16:47:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/19 08:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/05/26 15:42:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/03/24 20:21:00 | 002,889,088 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2012/03/12 17:44:01 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2012/04/28 21:31:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-384876645-338377584-626785776-1007\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-384876645-338377584-626785776-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-384876645-338377584-626785776-1007\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-384876645-338377584-626785776-1007\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKU\S-1-5-21-384876645-338377584-626785776-1007..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe (Zone Labs Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-384876645-338377584-626785776-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-384876645-338377584-626785776-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-384876645-338377584-626785776-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-384876645-338377584-626785776-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\S-Industries\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O15 - HKU\S-1-5-21-384876645-338377584-626785776-1007\..Trusted Domains: wildblue.net ([myaccount] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE366FF9-B8C1-4242-861B-A18C6C1E12AB}: DhcpNameServer = 192.168.1.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://icons.wunderground.com/data/640x480/2xradarc3_anim.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\S-Industries\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\S-Industries\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/04/27 21:44:08 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2005/12/02 18:55:06 | 000,000,205 | ---- | M] () - F:\AUTOEXEC.BAK -- [ FAT32 ]
O32 - AutoRun File - [2000/05/04 22:41:30 | 000,000,247 | ---- | M] () - F:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [1999/08/27 20:28:38 | 000,000,139 | ---- | M] () - F:\autoexec.nav -- [ FAT32 ]
O32 - AutoRun File - [2009/07/31 20:50:48 | 000,000,205 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
OTL log, part 2

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - ir41_32.ax File not found
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 00:05:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S-Industries\Desktop\OTL.exe
[2012/04/28 23:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S-Industries\Desktop\Winsock
[2012/04/28 22:20:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/28 21:28:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/28 18:09:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/28 18:06:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/28 18:06:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/28 18:06:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/28 18:06:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/28 18:06:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/28 18:06:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/28 17:37:44 | 004,478,552 | R--- | C] (Swearware) -- C:\Documents and Settings\S-Industries\Desktop\ComboFix.exe
[2012/04/28 16:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S-Industries\Desktop\bootkit_remover
[2012/04/28 16:21:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\S-Industries\Desktop\aswMBR.exe
[2012/04/28 14:13:31 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\S-Industries\Desktop\dds.scr
[2012/04/28 12:41:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/28 12:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S-Industries\Desktop\tdsskiller
[2012/04/28 00:47:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/04/27 23:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S-Industries\Application Data\Malwarebytes
[2012/04/27 23:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/27 23:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/27 23:31:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/27 23:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/27 23:29:49 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\S-Industries\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/13 18:12:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2012/04/13 18:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Zone Labs
[2012/04/13 18:12:42 | 000,085,312 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vspubapi.dll
[2012/04/13 18:12:36 | 000,125,584 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsnetutils.dll
[2012/04/13 18:12:35 | 000,137,120 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil.dll
[2012/04/13 18:12:35 | 000,087,408 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsmonapi.dll
[2012/04/13 18:12:35 | 000,053,344 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsdata.dll
[2012/04/13 18:12:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2012/04/13 18:12:34 | 000,100,576 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsdatant.sys
[2012/04/13 18:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2012/04/07 14:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application DataMicrosoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/29 00:03:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S-Industries\Desktop\OTL.exe
[2012/04/28 23:49:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/04/28 23:42:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/28 23:42:45 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/28 23:33:12 | 000,000,269 | ---- | M] () -- C:\Documents and Settings\S-Industries\Desktop\Winsock.zip
[2012/04/28 23:11:10 | 000,337,321 | ---- | M] () -- C:\Documents and Settings\S-Industries\Desktop\FSS.exe
[2012/04/28 21:31:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/28 18:10:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/28 17:35:44 | 004,478,552 | R--- | M] (Swearware) -- C:\Documents and Settings\S-Industries\Desktop\ComboFix.exe
[2012/04/28 17:10:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\S-Industries\Desktop\MBR.dat
[2012/04/28 16:17:00 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\S-Industries\Desktop\bootkit_remover.zip
[2012/04/28 16:15:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\S-Industries\Desktop\aswMBR.exe
[2012/04/28 14:11:58 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\S-Industries\Desktop\dds.scr
[2012/04/28 12:36:28 | 002,054,861 | ---- | M] () -- C:\Documents and Settings\S-Industries\Desktop\tdsskiller.zip
[2012/04/27 23:31:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/27 23:27:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\S-Industries\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/26 22:20:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/13 18:12:47 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm.lnk
[2012/04/08 22:28:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/08 20:12:51 | 080,651,964 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2012/04/07 20:29:07 | 000,415,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/07 17:55:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/04/07 16:02:09 | 000,294,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/28 23:35:40 | 000,000,269 | ---- | C] () -- C:\Documents and Settings\S-Industries\Desktop\Winsock.zip
[2012/04/28 23:20:07 | 000,337,321 | ---- | C] () -- C:\Documents and Settings\S-Industries\Desktop\FSS.exe
[2012/04/28 21:30:57 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/28 18:10:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/28 18:10:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/28 18:06:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/28 18:06:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/28 18:06:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/28 18:06:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/28 18:06:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/28 17:10:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\S-Industries\Desktop\MBR.dat
[2012/04/28 16:21:46 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\S-Industries\Desktop\bootkit_remover.zip
[2012/04/28 12:39:17 | 002,054,861 | ---- | C] () -- C:\Documents and Settings\S-Industries\Desktop\tdsskiller.zip
[2012/04/27 23:31:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/27 23:22:55 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\S-Industries\Desktop\gmer.exe
[2012/04/13 18:12:47 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm.lnk
[2012/02/14 17:14:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/04 16:07:53 | 000,000,406 | ---- | C] () -- C:\WINDOWS\sa4_wksp.ini
[2012/02/04 16:07:35 | 000,000,160 | ---- | C] () -- C:\WINDOWS\sa6.INI
[2012/01/19 20:46:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/31 19:23:53 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\S-Industries\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/27 19:04:31 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2011/02/23 19:31:03 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2010/12/30 18:46:54 | 000,000,049 | ---- | C] () -- C:\WINDOWS\juno.ini
[2010/09/22 20:48:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2010/09/22 20:48:13 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2010/09/18 12:36:06 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010/09/18 12:36:04 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/08/29 21:29:03 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2010/08/28 15:15:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/08/28 15:13:07 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/08/28 14:36:28 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/08/28 14:35:04 | 000,000,463 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/08/28 14:35:04 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/08/28 14:35:04 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/08/28 14:35:04 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/08/28 14:35:04 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2010/08/28 14:34:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/08/26 20:04:02 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2010/08/26 20:03:07 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2010/08/26 20:02:45 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2010/08/26 20:02:45 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL

========== LOP Check ==========

[2011/09/06 21:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/01/09 12:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/11/06 09:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/04/09 14:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/01/22 17:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/09/27 20:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/12/29 20:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2005/10/11 23:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/25 18:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2011/01/01 13:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/02/06 11:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S-Industries\Application Data\Auslogics
[2009/01/22 17:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S-Industries\Application Data\GameHouse
[2010/09/12 16:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S-Industries\Application Data\Leadertech
[2011/09/12 17:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S-Industries\Application Data\Millennia
[2008/02/18 16:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S-Industries\Application Data\SoundSpectrum
[2010/12/29 20:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S-Industries\Application Data\TomTom
[2008/11/04 11:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S-Industries\Application Data\Viewpoint
[2010/09/01 22:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S-Industries\Application Data\wsInspector
[2009/01/22 10:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S-Industries\Application Data\ZiggyGames
[2012/04/28 23:49:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/01/08 10:39:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/04/28 18:10:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/04/28 21:42:04 | 000,077,982 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/10/11 22:52:50 | 000,004,836 | RH-- | M] () -- C:\dell.sdr
[2010/08/28 14:46:42 | 000,000,544 | ---- | M] () -- C:\dlbx.log
[2010/08/28 14:41:13 | 000,052,090 | ---- | M] () -- C:\dlbxscan.log
[2012/04/28 23:42:45 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2008/01/08 11:21:30 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/10/11 23:16:59 | 000,000,829 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/28 14:34:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/04/28 23:42:44 | 1070,596,096 | -HS- | M] () -- C:\pagefile.sys
[2008/01/09 12:58:31 | 000,000,172 | ---- | M] () -- C:\setupfax.log
[2009/04/16 03:09:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/17 14:29:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/27 18:02:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/05/20 13:06:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/05/26 15:50:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/05/26 16:03:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/27 15:55:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/06/10 03:10:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/06/14 11:11:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/06/15 08:28:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/06/18 15:02:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/07/01 08:31:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/07/18 15:08:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/07/21 11:46:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/07/22 17:29:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/07/24 16:14:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/08/22 20:28:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/08/23 16:47:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/03/10 03:06:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/18 08:28:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/04/16 03:09:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/17 14:29:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/27 18:02:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/05/20 13:06:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/05/26 15:50:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/05/26 16:03:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/27 15:55:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/06/10 03:10:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/06/14 11:11:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/06/15 08:28:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/06/18 15:02:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/07/01 08:31:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/07/18 15:08:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/07/21 11:46:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/07/22 17:29:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/07/24 16:14:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/08/22 20:28:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/08/23 16:47:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/03/10 03:06:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/18 08:28:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005/10/11 23:17:10 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2012/04/28 12:42:05 | 000,101,128 | ---- | M] () -- C:\TDSSKiller.2.7.33.0_28.04.2012_12.40.43_log.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 13:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/02/09 00:00:00 | 000,026,285 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\brmfpp1.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/10/28 14:40:04 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/10/28 14:48:42 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\S-Industries\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 13:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\S-Industries\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/04/28 16:15:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\S-Industries\Desktop\aswMBR.exe
[2012/04/28 17:35:44 | 004,478,552 | R--- | M] (Swearware) -- C:\Documents and Settings\S-Industries\Desktop\ComboFix.exe
[2012/04/28 23:11:10 | 000,337,321 | ---- | M] () -- C:\Documents and Settings\S-Industries\Desktop\FSS.exe
[2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\S-Industries\Desktop\gmer.exe
[2012/04/27 23:27:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\S-Industries\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/29 00:03:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S-Industries\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/03/08 08:21:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/28 23:49:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 05:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/04/28 23:42:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2006/04/21 15:10:31 | 011,817,800 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\S-Industries\My Documents\GoogleEarth.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/26 20:03:32 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\S-Industries\Favorites\Corel Macros.LNK
[2008/10/28 14:48:42 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\S-Industries\Favorites\Desktop.ini
[2010/08/26 20:03:32 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\S-Industries\Favorites\Graphics.LNK
[2010/08/26 20:03:32 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\S-Industries\Favorites\Personal Files.LNK

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/04/29 00:15:01 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\S-Industries\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-14 08:06:49

< >
< End of report >
 
Extras log;

OTL Extras logfile created on: 4/29/2012 12:10:52 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\S-Industries\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 682.26 Mb Available Physical Memory | 66.76% Memory free
1.90 Gb Paging File | 1.69 Gb Available in Paging File | 89.01% Paging File free
Paging file location(s): C:\pagefile.sys 1021 1221 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.20 Gb Total Space | 44.69 Gb Free Space | 62.77% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 2.22 Gb Free Space | 59.50% Space Free | Partition Type: FAT32
Drive F: | 6.04 Gb Total Space | 2.20 Gb Free Space | 36.36% Space Free | Partition Type: FAT32

Computer Name: SERVICEPC | User Name: S-Industries | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5900:TCP" = 5900:TCP:*:Disabled:vnc5900
"5800:TCP" = 5800:TCP:*:Disabled:vnc5800

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Disabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Disabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{40A6C96D-808E-41DD-8716-617AB6B0F1F1}" = Brother MFL-Pro Suite
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7E545666-F425-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Retail Edition 2007
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AutoCAD R14.0 Uninstall" = AutoCAD R14.0
"CenturyLink Remote Control" = CenturyLink Remote Control
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"G-Force" = G-Force
"ie8" = Windows Internet Explorer 8
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Legacy 7.5" = Legacy 7.5
"LegacyChart7_is1" = Legacy Charting 7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SystemRequirementsLab" = System Requirements Lab
"The Print Shop Suite 6.0" = The Print Shop® 6.0 Deluxe
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/28/2012 10:34:46 PM | Computer Name = SERVICEPC | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/28/2012 10:45:03 PM | Computer Name = SERVICEPC | Source = SENS | ID = 0
Description =

Error - 4/28/2012 10:51:56 PM | Computer Name = SERVICEPC | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/28/2012 10:59:27 PM | Computer Name = SERVICEPC | Source = SENS | ID = 0
Description =

Error - 4/28/2012 11:27:18 PM | Computer Name = SERVICEPC | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/28/2012 11:27:19 PM | Computer Name = SERVICEPC | Source = SENS | ID = 0
Description =

Error - 4/28/2012 11:42:00 PM | Computer Name = SERVICEPC | Source = JavaQuickStarterService | ID = 1
Description =

Error - 4/28/2012 11:42:01 PM | Computer Name = SERVICEPC | Source = SENS | ID = 0
Description =

Error - 4/29/2012 12:13:43 AM | Computer Name = SERVICEPC | Source = SENS | ID = 0
Description =

Error - 4/29/2012 12:38:09 AM | Computer Name = SERVICEPC | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 4/29/2012 12:38:11 AM | Computer Name = SERVICEPC | Source = Service Control Manager | ID = 7000
Description = The MRENDIS5 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 4/29/2012 12:38:11 AM | Computer Name = SERVICEPC | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 4/29/2012 12:38:11 AM | Computer Name = SERVICEPC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater10.2.0 service failed to start due to the following
error: %%2

Error - 4/29/2012 12:38:11 AM | Computer Name = SERVICEPC | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%10047

Error - 4/29/2012 12:40:00 AM | Computer Name = SERVICEPC | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/29/2012 12:42:50 AM | Computer Name = SERVICEPC | Source = Print | ID = 23
Description = Printer Dell Printer Fax Tools failed to initialize because a suitable
CAPTURE FAX driver could not be found.

Error - 4/29/2012 12:42:54 AM | Computer Name = SERVICEPC | Source = Service Control Manager | ID = 7000
Description = The DNINDIS5 NDIS Protocol Driver service failed to start due to the
following error: %%3

Error - 4/29/2012 12:42:54 AM | Computer Name = SERVICEPC | Source = Service Control Manager | ID = 7000
Description = The MREMPR5 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 4/29/2012 12:42:54 AM | Computer Name = SERVICEPC | Source = Service Control Manager | ID = 7000
Description = The MRENDIS5 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 4/29/2012 12:42:54 AM | Computer Name = SERVICEPC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater10.2.0 service failed to start due to the following
error: %%2


< End of report >
 
You can reinstall AVG at any time now.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKU\S-1-5-21-384876645-338377584-626785776-1007\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-384876645-338377584-626785776-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    [2005/10/11 23:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/11/04 11:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S-Industries\Application Data\Viewpoint
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===============================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

============================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Well, came in tonight and was going to start up where we left off at. Booted the desktop and guess what, no internet. That is, the network won't assign an address. It's seeing the radio signal ok, but not acquiring an address. So awaiting advice before proceeding. Another FSS scan, firewall issues (svchost.exe is apparently attempting to connect to 239.255.255.250, IANA says that is reserved for special uses, and 255.255.255.255.) to a number that is blocked that needs to be unblocked, or what next? Did I mention that I have a second hard drive on this machine? Possible cross infection? Tugging at straws now.
 
Fresh FSS log;

Farbar Service Scanner Version: 24-04-2012
Ran by S-Industries (administrator) on 30-04-2012 at 20:24:00
Running from "C:\Documents and Settings\S-Industries\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(6) IPSec(4) MDC8021X(9) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000
IpSec Tag value is correct.
**** End of log ****
 
That looks good.

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Devices (do NOT change any settings)
  • List Users, Partitions and Memory size
Click Go and post the result.
 
MiniToolBox log;

MiniToolBox by Farbar Version: 18-01-2012
Ran by S-Industries (administrator) on 30-04-2012 at 20:34:12
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Linksys Wireless-G PCI Adapter = Wireless Network Connection 3 (Connected)
Intel(R) PRO/100 VE Network Connection = Local Area Connection (Media disconnected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
# Interface IP Configuration for "Wireless Network Connection 3"
set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp

popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : ServicePC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-13-20-99-E0-7A

Ethernet adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Linksys Wireless-G PCI Adapter
Physical Address. . . . . . . . . : 00-12-17-8D-9A-C3
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.239.67
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 99 e0 7a ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
0x3 ...00 12 17 8d 9a c3 ...... Linksys Wireless-G PCI Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.239.67 169.254.239.67 20
169.254.239.67 255.255.255.255 127.0.0.1 127.0.0.1 25
169.254.255.255 255.255.255.255 169.254.239.67 169.254.239.67 25
224.0.0.0 240.0.0.0 169.254.239.67 169.254.239.67 25
255.255.255.255 255.255.255.255 169.254.239.67 2 1
255.255.255.255 255.255.255.255 169.254.239.67 169.254.239.67 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (04/28/2012 11:38:09 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10044)
Error: (04/28/2012 11:13:43 PM) (Source: SENS) (User: )
Description: Event System Win32 Error: No service is operating at the destination network endpoint on the remote system.
ServiceStart(): SensInitialize() failed
Error: (04/28/2012 10:42:01 PM) (Source: SENS) (User: )
Description: Event System Win32 Error: No service is operating at the destination network endpoint on the remote system.
ServiceStart(): SensInitialize() failed
Error: (04/28/2012 10:42:00 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10093)
Error: (04/28/2012 10:27:19 PM) (Source: SENS) (User: )
Description: Event System Win32 Error: No service is operating at the destination network endpoint on the remote system.
ServiceStart(): SensInitialize() failed
Error: (04/28/2012 10:27:18 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10093)
Error: (04/28/2012 09:59:27 PM) (Source: SENS) (User: )
Description: Event System Win32 Error: No service is operating at the destination network endpoint on the remote system.
ServiceStart(): SensInitialize() failed
Error: (04/28/2012 09:51:56 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10093)
Error: (04/28/2012 09:45:03 PM) (Source: SENS) (User: )
Description: Event System Win32 Error: No service is operating at the destination network endpoint on the remote system.
ServiceStart(): SensInitialize() failed
Error: (04/28/2012 09:34:46 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10093)

System errors:
=============
Error: (04/30/2012 07:34:54 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D
Error: (04/30/2012 07:34:37 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater10.2.0 service failed to start due to the following error:
%%2
Error: (04/30/2012 07:34:37 PM) (Source: Service Control Manager) (User: )
Description: The MRENDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%2
Error: (04/30/2012 07:34:37 PM) (Source: Service Control Manager) (User: )
Description: The MREMPR5 NDIS Protocol Driver service failed to start due to the following error:
%%2
Error: (04/30/2012 07:34:37 PM) (Source: Service Control Manager) (User: )
Description: The DNINDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%3
Error: (04/30/2012 07:34:34 PM) (Source: Print) (User: SYSTEM)
Description: Printer Dell Printer Fax Tools failed to initialize because a suitable CAPTURE FAX driver could not be found.
Error: (04/30/2012 07:31:05 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D
Error: (04/30/2012 07:30:47 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater10.2.0 service failed to start due to the following error:
%%2
Error: (04/30/2012 07:30:47 PM) (Source: Service Control Manager) (User: )
Description: The MRENDIS5 NDIS Protocol Driver service failed to start due to the following error:
%%2
Error: (04/30/2012 07:30:47 PM) (Source: Service Control Manager) (User: )
Description: The MREMPR5 NDIS Protocol Driver service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (04/28/2012 11:38:09 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10044)
Error: (04/28/2012 11:13:43 PM) (Source: SENS)(User: )
Description: Event System Win32 Error: No service is operating at the destination network endpoint on the remote system.
ServiceStart(): SensInitialize() failed
Error: (04/28/2012 10:42:01 PM) (Source: SENS)(User: )
Description: Event System Win32 Error: No service is operating at the destination network endpoint on the remote system.
ServiceStart(): SensInitialize() failed
Error: (04/28/2012 10:42:00 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10093)
Error: (04/28/2012 10:27:19 PM) (Source: SENS)(User: )
Description: Event System Win32 Error: No service is operating at the destination network endpoint on the remote system.
ServiceStart(): SensInitialize() failed
Error: (04/28/2012 10:27:18 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10093)
Error: (04/28/2012 09:59:27 PM) (Source: SENS)(User: )
Description: Event System Win32 Error: No service is operating at the destination network endpoint on the remote system.
ServiceStart(): SensInitialize() failed
Error: (04/28/2012 09:51:56 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10093)
Error: (04/28/2012 09:45:03 PM) (Source: SENS)(User: )
Description: Event System Win32 Error: No service is operating at the destination network endpoint on the remote system.
ServiceStart(): SensInitialize() failed
Error: (04/28/2012 09:34:46 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10093)

========================= Devices: ================================

========================= Memory info: ===================================
Percentage of memory in use: 32%
Total physical RAM: 1021.98 MB
Available physical RAM: 694.33 MB
Total Pagefile: 1949.47 MB
Available Pagefile: 1740.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.76 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:71.2 GB) (Free:44.75 GB) NTFS
3 Drive e: (STORE N GO) (Removable) (Total:3.73 GB) (Free:2.22 GB) FAT32
4 Drive f: (ST36531A) (Fixed) (Total:6.04 GB) (Free:2.2 GB) FAT32
========================= Users: ========================================
User accounts for \\SERVICEPC
Administrator Guest HelpAssistant
S-Industries SUPPORT_388945a0

**** End of log ****
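An added example, not part of the original posts: a short Python triage of the `ipconfig`-style section of the MiniToolBox log above, which flags the three conditions that matter in that log (media disconnected, a 169.254.x.x autoconfiguration address with DHCP enabled, and an empty default gateway). The function names, finding codes and the `HEALTHY` comparison sample are assumptions made for this illustration.

```python
"""Triage of `ipconfig /all`-style text (added example, not from the thread)."""
import ipaddress
import re

# Excerpt of the "IP Configuration" section of the MiniToolBox log above.
SAMPLE = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : ServicePC

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Ethernet adapter Wireless Network Connection 3:

Description . . . . . . . . . . . : Linksys Wireless-G PCI Adapter
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Autoconfiguration IP Address. . . : 169.254.239.67
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Server: UnKnown
Address: 127.0.0.1
"""

# Constructed for comparison: the same adapter after a successful DHCP lease.
HEALTHY = """\
Ethernet adapter Wireless Network Connection 3:

Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.23
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
"""

# "Ethernet adapter <name>:" starts a new adapter section.
HEADER = re.compile(r"^\s*(?:\S+ )*adapter (.+?):\s*$")
# ipconfig fields use a dot leader before the colon: "Key . . . . : value".
# Lines without the leader (nslookup's "Server: UnKnown") are ignored.
FIELD = re.compile(r"^\s*(.*?)(?:\s*\.)+\s*:\s*(.*)$")
ADDRESS_KEYS = ("autoconfiguration ip address", "ip address", "ipv4 address")


def parse_ipconfig(text):
    """Return {adapter name: {lower-cased field name: value}}."""
    adapters = {}
    current = None
    for line in text.splitlines():
        field = FIELD.match(line)
        if field:
            if current is not None:  # skip the global "Host Name" block
                key = field.group(1).strip().lower()
                adapters[current].setdefault(key, field.group(2).strip())
            continue
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            adapters[current] = {}
    return adapters


def triage(fields):
    """Return a list of finding codes for one adapter's fields."""
    if "disconnected" in fields.get("media state", "").lower():
        return ["media-disconnected"]
    findings = []
    raw = next((fields[k] for k in ADDRESS_KEYS if fields.get(k)), "")
    raw = raw.split("(")[0].strip()  # newer Windows appends "(Preferred)"
    try:
        address = ipaddress.ip_address(raw)
    except ValueError:
        address = None
    dhcp = fields.get("dhcp enabled", "").lower() == "yes"
    if address is None:
        findings.append("no-address")
    elif address.is_link_local:
        # 169.254.0.0/16 with DHCP on: Windows fell back to automatic
        # addressing because no DHCP server answered.
        findings.append("apipa-no-dhcp-lease" if dhcp else "static-link-local")
    if not fields.get("default gateway"):
        findings.append("no-default-gateway")
    return findings


def triage_report(text):
    """Map every adapter found in the text to its list of findings."""
    return {name: triage(f) for name, f in parse_ipconfig(text).items()}


if __name__ == "__main__":
    for label, text in (("log above", SAMPLE), ("constructed healthy", HEALTHY)):
        for adapter, findings in triage_report(text).items():
            print(f"[{label}] {adapter}: {findings or ['ok']}")
```

A 169.254.x.x address with DHCP enabled means the DHCP exchange itself never completed; on Windows XP the DHCP Client service runs inside svchost.exe and sends its request to the broadcast address 255.255.255.255 on UDP port 67, so a host firewall rule that drops that traffic is one thing to rule out.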
 
It looks like some settings are messed up but before we try to fix them....
Are we talking here about wireless or wired connection?
 
Well, don't have a cable long enough to reach router from here. Would have to break it down and move it. Possible though.
 
Before you go there.....

Make sure, your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
[Image: p4491747.gif]

Make sure "DNS" tab looks like this:
[Image: p4491748.gif]

Make sure "WINS" tab looks like this:
[Image: p4491749.gif]

8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.


If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.
 
Will do. Btw, 127.0.0.1 is on my firewall list of outbound ip's to drop. Got paranoid when writing and blocked anything out of this computer.
 
Not permit or refuse, but to drop without rejecting. Btw, the TCP/IP all looked ok, only it wasn't v4. Just straight TCP/IP.
 
Ok, good news. I have two firewalls. One at the DSL modem where I wrote rules specifying IPs to allow and block. ZoneAlarm on the machine that had the trojan that would allow control over applications and processes connecting to local and internet. ZoneAlarm was choked down too tight, loosened the security and allowed some services more freedom and all was right. Question is why did it work the other night as it was?
 
I presume to pick up where we were at on #34. But first another FSS scan and log;

Farbar Service Scanner Version: 24-04-2012
Ran by S-Industries (administrator) on 30-04-2012 at 21:29:09
Running from "C:\Documents and Settings\S-Industries\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(6) IPSec(4) MDC8021X(9) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000
IpSec Tag value is correct.
**** End of log ****
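
A small triage script for FSS logs like the one above, as an added example that is not part of the original posts or of Farbar Service Scanner: it surfaces connection-status lines not reported as accessible or connected, registry values listed under a "Disabled Policy" heading, and File Check entries whose verdict is anything other than "MD5 is legit". The sample log is constructed from lines in this thread; flagging every other verdict is an assumption, since the thread shows only the passing form.

```python
# Constructed sample, assembled from lines of the FSS logs posted in this thread.
SAMPLE_LOG = r'''Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore Disabled Policy:
========================
File Check:
========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
'''

def is_rule(line):
    return bool(line) and set(line) == {"="}  # row of '=' under a section title

def split_sections(text):
    """Map each section title (the line above a row of '=') to its body lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    sections, current = {}, None
    for i, ln in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if ln and not is_rule(ln) and is_rule(nxt):
            current = ln.rstrip(":")
            sections[current] = []
        elif current and ln and not is_rule(ln):
            sections[current].append(ln)
    return sections

def triage(text):
    """Return (category, detail) findings that deserve a second look."""
    findings = []
    for title, body in split_sections(text).items():
        if title == "Connection Status":
            findings += [("connectivity", ln) for ln in body
                         if not ln.endswith(("accessible.", "connected."))]
        elif title.endswith("Disabled Policy"):
            findings += [("policy", f"{title}: {ln}") for ln in body if ln.startswith('"')]
        elif title == "File Check":
            # Assumption: any verdict other than the passing form in the thread is flagged.
            findings += [("file", ln) for ln in body
                         if " => " in ln and not ln.endswith("=> MD5 is legit")]
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A policy finding only reports that the value is present; whether a disabled Windows Firewall is expected (for example because a third-party firewall is installed) still has to be judged against the machine's setup.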
 