WiredWX Christian Hobby Weather Tools
Re: Not able to Access sites anymore and will not load

not understanding what link you want me to pm you. thanks

Re: Not able to Access sites anymore and will not load

Lynangeel wrote:
not understanding what link you want me to pm you. thanks

You mentioned that there was one particular site that you can't access. That's the link I would like you to send me in a pm. I would like to try it, if you don't mind.

Re: Not able to Access sites anymore and will not load

I can't log into first-federal bank. Just a blank page but the WalMartone is ok. Let's try something else. Please do this even if you don't have the OS disk. Please tell me if the computer asks for a disk at some point.

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
  • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
  • Let this run undisturbed until the window with the blue progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

Re: Not able to Access sites anymore and will not load

I am sorry for wasting your time on that crappy computer. I have a cd but the door won't open. Need to figure out why now our other good computer is not working right. Not loading sites as well. My husband uses it most and doesn't update things including the virus protection. I try to keep it up but I am usually worried about the other one the kids use. Thanks for your help

Re: Not able to Access sites anymore and will not load

Not able to load things also like system restore. already have malwarebytes on this computer and it doesn't show anything. will not let you download new versions of stuff.

Re: Not able to Access sites anymore and will not load

Please run SFC even if you don't have the disk and let me know what happens.

Re: Not able to Access sites anymore and will not load

Ran it and it didn't change anything

Re: Not able to Access sites anymore and will not load

Have you tried re-setting your modem? Disconnect the power supply for at least 30 secs.

My husband uses it most and doesn't update things including the virus protection.

A good AV should update itself.


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Re: Not able to Access sites anymore and will not load

yes I have done the modem thing but it isn't that. it says that is connection to the services besides the other computer wouldn't work if the modem has a problem. it runs off the same. when you try to log on it says to diagnose connection problems but when you click to do so it will not do anything. The computer that has no connection has avg on it and it does update itself and doesn't expire unless i take it off. The other computer that is now messing up that my husband uses has avast but it is the free version and it expires every year and when you don't renew it, you have no protection. and he let it expire and i did update it along with a couple other programs it was fine at first but the next day you cannot load anything and I am unable to update a couple of the other programs that need it.
I ran the Tdsskiller didn't find anything

Re: Not able to Access sites anymore and will not load

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Re: Not able to Access sites anymore and will not load

Farbar Service Scanner Version: 14-04-2013
Ran by LYNDA (administrator) on 28-04-2013 at 20:50:09
Running from "G:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2010-11-17 18:31] - [2013-04-25 08:13] - 0073016 ____A (AVG Technologies CZ, s.r.o.) BCAB8B6531B595A9030274E8B6EAE3D8

ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2010-11-17 18:31] - [2013-04-25 08:13] - 0073016 ____A (AVG Technologies CZ, s.r.o.) BCAB8B6531B595A9030274E8B6EAE3D8

ATTENTION!=====> C:\WINDOWS\system32\Drivers\ipsec.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
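
The File Check section of the log above, parsed as an added example that is not part of the original thread: it lists the files the scanner did not accept and reports when differently named files carry one and the same MD5, as afd.sys and ipsec.sys do here. The function and class names are assumptions of this example; the sample text is the File Check section copied from the log above.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# File Check section copied from the Farbar Service Scanner log in this thread.
SAMPLE_FSS_LOG = r"""
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2010-11-17 18:31] - [2013-04-25 08:13] - 0073016 ____A (AVG Technologies CZ, s.r.o.) BCAB8B6531B595A9030274E8B6EAE3D8

ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2010-11-17 18:31] - [2013-04-25 08:13] - 0073016 ____A (AVG Technologies CZ, s.r.o.) BCAB8B6531B595A9030274E8B6EAE3D8

ATTENTION!=====> C:\WINDOWS\system32\Drivers\ipsec.sys IS INFECTED AND SHOULD BE REPLACED.

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
"""

LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
ATTENTION_RE = re.compile(r"^ATTENTION!=+> (?P<path>.+?) IS INFECTED")


@dataclass
class FileEntry:
    path: str
    legit: bool                 # scanner printed "MD5 is legit"
    flagged: bool = False       # scanner printed an ATTENTION line
    size: Optional[int] = None
    company: Optional[str] = None
    md5: Optional[str] = None
    modified: Optional[str] = None


def parse_file_check(log_text: str) -> List[FileEntry]:
    """Return one FileEntry per file named in the File Check section."""
    entries: Dict[str, FileEntry] = {}
    in_section = False
    pending: Optional[FileEntry] = None   # bare path waiting for its detail line
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "File Check:":
            in_section = True
            continue
        if not in_section or not line or set(line) == {"="}:
            continue
        if line.endswith("List:") or line.startswith("****"):
            break                          # next section or end of log
        if (m := LEGIT_RE.match(line)):
            entries[m["path"].lower()] = FileEntry(m["path"], legit=True)
            pending = None
        elif (m := ATTENTION_RE.match(line)):
            key = m["path"].lower()
            entries.setdefault(key, FileEntry(m["path"], legit=False)).flagged = True
        elif (m := DETAIL_RE.match(line)) and pending is not None:
            pending.size = int(m["size"])
            pending.company = m["company"]
            pending.md5 = m["md5"].upper()
            pending.modified = m["modified"]
            pending = None
        elif (m := PATH_RE.match(line)):
            pending = FileEntry(m["path"], legit=False)
            entries[m["path"].lower()] = pending
    return list(entries.values())


def shared_md5(entries: List[FileEntry]) -> Dict[str, List[str]]:
    """MD5 values that appear on more than one distinct file name."""
    by_hash = defaultdict(list)
    for e in entries:
        if e.md5:
            by_hash[e.md5].append(e.path)
    return {h: sorted(p) for h, p in by_hash.items()
            if len({ntpath.basename(x).lower() for x in p}) > 1}


def triage(entries: List[FileEntry]) -> List[str]:
    """One summary line per file the scanner did not accept as legit."""
    dupes = shared_md5(entries)
    findings = []
    for e in entries:
        if e.legit:
            continue
        twins = [ntpath.basename(p) for p in dupes.get(e.md5 or "", []) if p != e.path]
        note = (f"{ntpath.basename(e.path)}: flagged={e.flagged} size={e.size} "
                f"company={e.company!r} md5={e.md5}")
        findings.append(note + (" same-md5-as=" + ",".join(twins) if twins else ""))
    return findings


if __name__ == "__main__":
    print("\n".join(triage(parse_file_check(SAMPLE_FSS_LOG))))
```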

Re: Not able to Access sites anymore and will not load

Aha, two infected files. Now we need to find two clean ones.

Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.

Code:

:filefind
ipsec.sys
afd.sys


Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt

Re: Not able to Access sites anymore and will not load

not able to run this system look. the only way i can download it is to a portable device. can't do it by cd since cd part doesn't work either. when i try it by the device it will not run. I keep getting an error that says "script required"

Re: Not able to Access sites anymore and will not load

Lynangeel wrote:
not able to run this system look. the only way i can download it is to a portable device. can't do it by cd since cd part doesn't work either. when i try it by the device it will not run. I keep getting an error that says "script required"

You should be able to download to a USB memory stick, transfer it to your desktop and then try to run it. I need to see where I can find a copy of those files.

Re: Not able to Access sites anymore and will not load

It downloads to the USB stick. I can put it on my desktop but when you click on look it says error "script required"

Re: Not able to Access sites anymore and will not load

Lynangeel wrote:
It downloads to the USB stick. I can put it on my desktop but when you click on look it says error "script required"

And, what happens then? Does it close?

Re: Not able to Access sites anymore and will not load

nothing, every time the script required box comes up you can't do anything and when you close it the program is still up but then you click look button again and it starts all over. maybe it isn't downloading properly due to the fact that this other computer i am typing on is messed up as well. the other scans downloaded ok it seemed.

Re: Not able to Access sites anymore and will not load

Please download and run Microsoft Safety Scanner. This will take about 20 minutes to run and will produce a log if your computer was infected. Please post the log. This scanner only has a shelf life of 10 days so you will need to download a new one if you want to run a scan after the trial period has expired.
***********************************************************
Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    FileLook::
    C:\WINDOWS\system32\Drivers\afd.sys
    C:\WINDOWS\system32\Drivers\ipsec.sys


  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

Re: Not able to Access sites anymore and will not load

was not able to run microsoft scanner first. was getting a javascript void error.
ran combo fix first. now able to run the other scan. Here is the results of the combo scan:
ComboFix 13-05-01.03 - Dell User 05/03/2013 11:27:25.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.445 [GMT -4:00]
Running from: c:\documents and settings\Dell User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dell User\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\5C321E34.TMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Dell User\Desktop\EZ-Tracks.com.lnk
c:\documents and settings\Dell User\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2013-04-03 to 2013-05-03 )))))))))))))))))))))))))))))))
.
.
2013-05-03 14:51 . 2013-05-03 14:51 -------- d-----w- c:\documents and settings\Dell User\Application Data\Registry Kit
2013-05-03 14:41 . 2013-05-03 14:56 -------- d-----w- c:\program files\Registry Kit
2013-05-01 00:05 . 2013-05-01 00:08 -------- dc-h--w- c:\windows\ie8
2013-04-30 00:24 . 2013-04-30 00:24 -------- d-----w- c:\windows\ERUNT
2013-04-30 00:23 . 2013-04-30 00:23 -------- d-----w- C:\JRT
2013-04-29 02:06 . 2013-05-03 15:40 -------- d-----w- c:\windows\system32\CatRoot2
2013-04-29 01:02 . 2013-04-29 01:02 -------- d-----w- c:\documents and settings\Dell User\Local Settings\Application Data\Sun
2013-04-28 23:19 . 2013-04-28 23:19 -------- d-----w- C:\RegBackup
2013-04-28 03:18 . 2013-04-29 02:05 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-28 03:15 . 2013-04-28 03:15 -------- d-----w- c:\program files\Tweaking.com
2013-04-28 02:20 . 2008-04-13 21:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-04-28 02:19 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-04-28 02:19 . 2008-04-13 21:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-04-28 02:19 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-04-28 02:19 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-04-28 02:19 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2013-04-28 02:18 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-04-28 02:18 . 2004-08-04 02:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-04-28 02:18 . 2008-04-13 15:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2013-04-28 02:18 . 2004-08-04 02:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-04-28 02:18 . 2008-04-13 21:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2013-04-28 02:18 . 2008-04-13 15:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2013-04-28 02:18 . 2004-08-04 02:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2013-04-28 02:18 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2013-04-28 02:18 . 2008-04-14 00:11 156672 -c--a-w- c:\windows\system32\dllcache\OLD952.tmp
2013-04-28 02:18 . 2008-04-14 00:11 156672 -c--a-w- c:\windows\system32\dllcache\OLD94F.tmp
2013-04-28 02:18 . 2008-04-14 00:11 156672 -c--a-w- c:\windows\system32\dllcache\OLD94C.tmp
2013-04-28 02:16 . 2001-08-17 16:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2013-04-28 02:15 . 2001-08-17 17:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2013-04-28 02:15 . 2001-08-17 17:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2013-04-28 02:15 . 2001-08-17 17:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2013-04-28 02:15 . 2001-08-17 17:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2013-04-28 02:15 . 2001-08-17 17:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2013-04-28 02:15 . 2001-08-17 17:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2013-04-28 02:15 . 2001-08-17 17:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2013-04-28 02:15 . 2008-04-13 15:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2013-04-28 02:15 . 2008-04-13 15:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2013-04-28 02:15 . 2004-08-04 02:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2013-04-28 02:15 . 2008-04-14 00:11 76288 -c--a-w- c:\windows\system32\dllcache\OLD8DC.tmp
2013-04-28 02:15 . 2008-04-14 00:11 65024 -c--a-w- c:\windows\system32\dllcache\OLD8D9.tmp
2013-04-28 02:15 . 2001-08-18 02:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2013-04-28 02:13 . 2001-08-18 02:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2013-04-28 02:12 . 2004-08-04 10:00 455168 -c--a-w- c:\windows\system32\dllcache\OLD898.tmp
2013-04-28 02:11 . 2001-08-17 18:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2013-04-28 02:10 . 2001-08-17 17:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2013-04-28 02:10 . 2004-08-04 10:00 16896 -c--a-w- c:\windows\system32\dllcache\OLD850.tmp
2013-04-28 02:10 . 2001-08-17 16:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2013-04-28 02:10 . 2001-08-18 02:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2013-04-28 02:10 . 2004-08-04 10:00 101376 -c--a-w- c:\windows\system32\dllcache\OLD847.tmp
2013-04-28 02:10 . 2001-08-18 02:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2013-04-28 02:10 . 2001-08-17 17:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2013-04-28 02:10 . 2001-08-18 02:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2013-04-28 02:10 . 2001-08-17 18:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2013-04-28 02:10 . 2001-08-17 17:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2013-04-28 02:10 . 2001-08-17 16:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2013-04-28 02:10 . 2001-08-18 02:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2013-04-28 02:08 . 2008-04-13 15:36 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2013-04-28 02:07 . 2001-08-17 18:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2013-04-28 02:07 . 2001-08-17 16:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2013-04-28 02:07 . 2001-08-17 18:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2013-04-28 02:07 . 2001-08-17 16:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2013-04-28 02:07 . 2004-08-04 10:00 18944 -c--a-w- c:\windows\system32\dllcache\OLD7B5.tmp
2013-04-28 02:07 . 2001-07-21 18:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2013-04-28 02:07 . 2001-07-21 18:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2013-04-28 02:07 . 2001-08-17 16:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2013-04-28 02:07 . 2001-08-18 02:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2013-04-28 02:07 . 2001-08-17 16:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2013-04-28 02:07 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2013-04-28 02:07 . 2001-08-17 17:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2013-04-28 02:05 . 2001-08-17 16:50 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2013-04-28 02:04 . 2001-08-18 02:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2013-04-28 02:04 . 2001-08-17 16:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2013-04-28 02:04 . 2008-04-14 00:11 26112 -c--a-w- c:\windows\system32\dllcache\OLD757.tmp
2013-04-28 02:04 . 2008-04-13 15:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2013-04-28 02:04 . 2001-08-17 16:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2013-04-28 02:04 . 2001-08-18 02:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2013-04-28 02:04 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\OLD74E.tmp
2013-04-28 02:04 . 2004-08-04 10:00 14848 -c--a-w- c:\windows\system32\dllcache\OLD74A.tmp
2013-04-28 02:04 . 2001-08-17 17:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2013-04-28 02:04 . 2001-08-17 17:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2013-04-28 02:02 . 2001-08-18 02:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2013-04-28 02:01 . 2001-08-18 02:36 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2013-04-28 02:00 . 2001-08-18 02:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2013-04-28 01:59 . 2001-08-17 16:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2013-04-28 01:59 . 2001-08-18 02:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2013-04-28 01:59 . 2013-03-07 00:50 2070016 -c--a-w- c:\windows\system32\dllcache\OLD68B.tmp
2013-04-28 01:59 . 2001-08-18 05:36 38912 -c--a-w- c:\windows\system32\dllcache\OLD686.tmp
2013-04-28 01:59 . 2001-08-17 16:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2013-04-28 01:59 . 2001-08-17 17:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2013-04-28 01:59 . 2001-08-17 17:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2013-04-28 01:59 . 2008-04-13 15:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2013-04-28 01:59 . 2001-08-17 16:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2013-04-28 01:59 . 2001-08-17 16:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2013-04-28 01:59 . 2001-08-17 16:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2013-04-28 01:57 . 2001-08-17 16:11 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2013-04-28 01:57 . 2001-08-17 17:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2013-04-28 01:57 . 2001-08-18 02:36 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2013-04-28 01:57 . 2001-08-17 17:49 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2013-04-28 01:57 . 2001-08-18 02:36 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2013-04-28 01:57 . 2001-08-17 17:50 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2013-04-28 01:57 . 2004-08-04 10:00 229439 -c--a-w- c:\windows\system32\dllcache\OLD64A.tmp
2013-04-28 01:57 . 2001-08-17 16:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2013-04-28 01:57 . 2008-04-13 15:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2013-04-28 01:57 . 2008-04-13 15:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2013-04-28 01:57 . 2001-08-17 17:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-04-28 01:57 . 2001-08-17 18:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-04-28 01:56 . 2008-04-13 15:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2013-04-28 01:56 . 2004-08-04 10:00 1875968 -c--a-w- c:\windows\system32\dllcache\OLD639.tmp
2013-04-28 01:56 . 2004-08-04 10:00 98304 -c--a-w- c:\windows\system32\dllcache\OLD636.tmp
2013-04-28 01:56 . 2001-08-17 18:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-04-28 01:56 . 2001-08-17 17:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2013-04-28 01:56 . 2008-04-13 15:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2013-04-28 01:56 . 2001-08-17 17:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2013-04-28 01:56 . 2008-04-13 15:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2013-04-28 01:56 . 2001-08-17 17:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2013-04-28 01:54 . 2001-08-17 16:49 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
2013-04-28 01:53 . 2001-08-18 02:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2013-04-28 01:52 . 2008-04-13 21:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2013-04-28 01:51 . 2008-04-14 00:09 315455 -c--a-w- c:\windows\system32\dllcache\OLD527.tmp
2013-04-28 01:50 . 2001-08-18 02:36 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2013-04-28 01:49 . 2008-04-14 00:09 13463552 -c--a-w- c:\windows\system32\dllcache\OLD49D.tmp
2013-04-28 01:48 . 2001-08-17 17:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2013-04-28 01:47 . 2008-04-13 15:36 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2013-04-28 01:46 . 2001-08-17 16:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2013-04-28 01:45 . 2001-08-17 17:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-26 23:01 . 2008-11-22 14:26 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-26 23:01 . 2011-05-04 16:34 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-18 22:34 . 2012-04-07 22:44 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-18 22:34 . 2011-05-17 20:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2005-03-30 01:21 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2005-03-30 01:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-06 22:33 . 2012-01-19 00:31 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 22:33 . 2010-10-25 02:44 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2010-10-25 02:44 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 22:33 . 2010-10-25 02:44 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2010-10-25 02:44 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2010-10-25 02:44 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2010-10-25 02:44 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-02 02:06 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 10:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2008-04-21 18:47 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 10:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.

Re: Not able to Access sites anymore and will not load

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\Drivers\afd.sys ---
Company: Microsoft Corporation
File Description: Ancillary Function Driver for WinSock
File Version: 5.1.2600.6142 (xpsp_sp3_gdr.110817-1643)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: afd.sys
File size: 138496
Created time: 2004-08-04 10:00
Modified time: 2011-08-17 13:49
MD5: 1E44BC1E83D8FD2305F8D452DB109CF9
SHA1: 985C2F081D3CFD46692681EB7CF2A1A357EB9FB2
.
.
--- c:\windows\system32\Drivers\ipsec.sys ---
Company: Microsoft Corporation
File Description: IPSec Driver
File Version: 5.1.2600.5512 (xpsp.080413-0852)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: ipsec.sys
File size: 75264
Created time: 2004-08-04 10:00
Modified time: 2008-04-13 19:19
MD5: 23C74D75E36E7158768DD63D92789A91
SHA1: 5C6DBEC1D047A3252E8FDAD3A240DDA073ACEFEC
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"cdloader"="c:\documents and settings\Dell User\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"Online Backup Auto Update"="c:\program files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe" [2008-11-24 40960]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-03-06 4767304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\Dell User\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Documents and Settings\\Dell User\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [4/26/2013 5:12 PM 49248]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [8/29/2011 1:40 AM 13496]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/27/2012 1:57 PM 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/18/2012 8:31 PM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/24/2010 10:44 PM 368176]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [8/6/2009 11:14 PM 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [8/6/2009 11:12 PM 1195008]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [4/2/2013 11:14 PM 464256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/24/2010 10:44 PM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/26/2013 9:48 AM 66336]
R2 FilesystemWatcher;Filesystem Watcher;c:\program files\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [9/2/2008 12:02 PM 24576]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [8/29/2011 1:39 AM 820568]
R2 OnlineBackupCommFrameworkService;Online Backup Communication Server;c:\program files\Verizon\Online Backup & Sharing\Communication\OnlineBackup.CommunicationFrameworkService.exe [11/24/2008 4:53 PM 20480]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
R2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [12/22/2011 4:34 PM 689464]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
R2 VaultProxy;DigiData Vault Proxy Service;c:\program files\Verizon\Online Backup & Sharing\DigiData.Vault.VaultExplorer.Service.exe [11/21/2008 1:07 PM 16384]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [8/6/2009 11:12 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [8/6/2009 11:14 PM 257432]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
R3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [1/23/2009 11:14 PM 402944]
S0 Lbd;Lbd; [x]
S2 OnlineBackupSchedulerService;Online Backup Scheduler; [x]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [4/26/2013 5:12 PM 164736]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/27/2013 9:25 PM 35144]
S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [4/27/2013 11:18 PM 181064]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [8/29/2011 1:39 AM 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [8/29/2011 1:39 AM 16080]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [8/29/2011 1:39 AM 239600]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 22:34]
.
2013-05-03 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-04-03 00:33]
.
2013-05-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-06-30 22:32]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 21:12]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 21:12]
.
2013-05-03 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-08-29 00:19]
.
2013-05-03 c:\windows\Tasks\User_Feed_Synchronization-{36DA956C-FD18-42D8-89F3-9B2AE761A6E3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.

Re: Not able to Access sites anymore and will not load
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel
Trusted Zone: microsoft.com\office
TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-03 11:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\NavLogon.dll
.
- - - - - - - > 'explorer.exe'(3056)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Verizon\Online Backup & Sharing\DigiData.Vault.VaultExplorer.dll
c:\program files\Verizon\Online Backup & Sharing\LogicNP.EZNamespaceExtensions.dll
c:\windows\assembly\GAC_MSIL\DigiData.Vault.Proxy\1.4.0.0__9020972b7d9d3317\DigiData.Vault.Proxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-05-03 11:49:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-03 15:49
ComboFix2.txt 2010-07-05 21:16
.
Pre-Run: 463,269,400,576 bytes free
Post-Run: 463,380,836,352 bytes free
.
- - End Of File - - 5FB6409F193D68579912864069489E98

Re: Not able to Access sites anymore and will not load
Download FileFind by Atribune

•Unzip the file and save it to your desktop.
•Double-click on FileFind.exe
•In the box labeled "Enter the directory to search" type C:\

•(note if your default Windows boot drive is not drive C, substitute your drive letter).
•In the box labeled "Enter the file to search" type C:\WINDOWS\system32\Drivers\afd.sys

•Click on the Find button.

•Once the utility has found the files click on Export. This will save a text file to your C:\ drive (or your default Windows drive) as Export.txt.
Add the C:\Export.txt log to your next message.
***********************************************
Also please do a search for this file: C:\WINDOWS\system32\Drivers\ipsec.sys

Re: Not able to Access sites anymore and will not load
nothing to export says that 0 files found in 7364 directories

Re: Not able to Access sites anymore and will not load
Please try to run SystemLook on page 2 again. If that doesn't work, please try this scanner below.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
•Then click on Scan at the top right-hand corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized, then click the button that says Neutralize all.
•If it says it cannot be neutralized, then choose the delete option when prompted.
•After that is done, click on the reports button at the bottom and save it to a file; name it Kas.
•Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: Not able to Access sites anymore and will not load

The computer with the two infected files I am not able to get online. This virus remover that you suggested I run I am not able to download. I tried downloading it to a memory stick but the one I have doesn't have enough space I guess. There is nothing on it but keeps saying too full.

Re: Not able to Access sites anymore and will not load

I tried downloading it to a memory stick but the one I have doesn't have enough space I guess. There is nothing on it but keeps saying too full.

You could use a CD-RW which is re-writable.

Please run the Farbar Service Scanner found on page 2 and post the log again.

Re: Not able to Access sites anymore and will not load
Farbar Service Scanner Version: 14-04-2013
Ran by LYNDA (administrator) on 17-05-2013 at 20:40:13
Running from "G:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors

Re: Not able to Access sites anymore and will not load
Please download MiniToolBox to Desktop and run it.


Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.

Re: Not able to Access sites anymore and will not load
MiniToolBox by Farbar Version:21-04-2013
Ran by LYNDA (administrator) on 28-05-2013 at 10:37:23
Running from "G:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to query host name.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

popd
# End of interface IP configuration

Windows IP Configuration

An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Unable to contact IP driver, error code 2,


========================= Event log errors: ===============================

Application errors:
==================
Error: (05/28/2013 10:20:45 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/28/2013 10:20:45 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/23/2013 06:48:39 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/23/2013 06:48:39 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/17/2013 08:37:51 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/17/2013 08:37:51 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/09/2013 06:49:13 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/09/2013 06:49:13 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/07/2013 09:05:13 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/04/2013 00:46:35 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory


System errors:
=============
Error: (05/28/2013 10:37:31 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:31 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (05/28/2013 10:37:31 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:31 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (05/28/2013 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (05/28/2013 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:30 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2

Error: (05/28/2013 10:37:29 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%2

Error: (05/28/2013 10:37:29 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (05/28/2013 10:20:45 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/28/2013 10:20:45 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/23/2013 06:48:39 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/23/2013 06:48:39 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/17/2013 08:37:51 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/17/2013 08:37:51 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/09/2013 06:49:13 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/09/2013 06:49:13 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)

Error: (05/07/2013 09:05:13 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory

Error: (05/04/2013 00:46:35 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to open C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf: No such file or directory


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 1014.07 MB
Available physical RAM: 542.33 MB
Total Pagefile: 2442.29 MB
Available Pagefile: 1865.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.91 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.24 GB) (Free:21.53 GB) NTFS
4 Drive f: (PHONE) (Removable) (Total:0.02 GB) (Free:0.02 GB) FAT
5 Drive g: (USB DISK) (Removable) (Total:0.48 GB) (Free:0.05 GB) FAT

========================= Users: ========================================

User accounts for \\GENERAL1

Administrator Guest HelpAssistant
LYNDA SUPPORT_388945a0


**** End of log ****

Re: Not able to Access sites anymore and will not load
I realize that we've already tried this but please try it again. We need to find a clean file to replace the one that is infected.

Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.

Code:

:filefind
afd.sys


Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
