All browser links redirecting to ads

October 3, 2011 at 00:14:49
Specs: Windows XP SP3

I just started having a problem where all browser links are redirecting to ads. I thought I'd be immune from this problem as I was not really using this computer for daily tasks, just a media server that sits in the garage, but I feel like after some Windows updates, this problem just started. It's a Dell desktop running Windows XP SP3. I can't get it to boot normally (I keep getting a BSOD that says disable antivirus and firewall), but CAN get it to boot in safe mode. In safe mode, the screen is mildly distorted, but still viewable, and I can't get any antivirus scans to run (AVG, Malwarebytes). Running a scan of Kaspersky with settings from another post with similar links issue overnight tonight.

Would anyone be able to help?



#1
October 3, 2011 at 09:54:22

run these 3 tools in the exact order
1- rkill.exe
2- tdss killer
3- Malwarebytes

and don't reboot until the last scan has finished.

Some HELP in posting on Computing.net plus free progs and instructions 7 Medals



#2
October 3, 2011 at 20:41:50

Thank you for your reply!

So I ran:

rkill.exe - report said nothing
tdss killer - cured 1 threat, deleted 2 suspicious
malwarebytes - ran for about 2min, scanned up to about 400 items, then disappeared/shut down

CH



#3
October 3, 2011 at 21:31:59

Reboots OK! Still have to do a normal reboot but so far so good. Will reply when I have had a chance to test again.


#4
October 4, 2011 at 22:03:40

So I tested booting again selectively with many services/programs turned off in System Configuration. Should I just try with all of them on?

Anyway, Opencloud security malware comes up and tries to prevent me from running anything. Task mgr won't start unless I launch repeatedly fast.

Thanks in advance

CH



#5
October 5, 2011 at 09:32:45

Opencloud security malware comes up and tries to prevent me from running anything.

where did that come from?


#6
October 5, 2011 at 16:30:36

"Opencloud security malware comes up and tries to prevent me from running anything.

where did that come from?"

That's his infection.

Removal instructions for OpenCloud Security

http://forums.malwarebytes.org/inde...



#7
October 5, 2011 at 22:02:36

Sorry I didn't mention the Opencloud earlier. I thought it was just related to the redirected ads and was coming up from the browser to look like actual antivirus software (I'm sure you know what I mean).

Anyway, this time when it came up and prevented me from doing any actions, it was definitely more aggressive.

Thanks for the suggestion. Will let you know how it goes.

CH



#8
October 5, 2011 at 22:24:25

try
Trojan Remover and Hitman Pro
Run them both till they are clean.


#9
October 9, 2011 at 00:49:52

Thanks for the suggestions.

Now I appear to be getting most of the Opencloud infected files out with multiple runs of Kaspersky. Malwarebytes wasn't really keeping the Opencloud files from popping up again. Another unfortunate situation is there is something wrong that is not allowing me to connect to the internet on this machine.

Therefore, most of the scans I have done couldn't be upgraded to most current virus dbs and couldn't run hitman at all.

From researching threads, it sounds like it is due to a DHCP client issue and I think I tracked it down to a missing NetBios over TCP/IP service that is a dependency for DHCP. If I don't see this NetBios over TCP/IP in Administrative tools/Services is that a problem?

Also, when I try to start the DHCP client in Services manually, I get an error that is related to afd.sys which I don't see in the system32 drivers now.

Lastly, sometimes getting some kind of malware for "FastScan" coming up on normal reboot now.
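
An added example, not part of the original thread: a read-only Windows XP batch script that walks the DHCP Client dependency chain described in the post above and reports whether each dependency's service entry and driver file are present. The service names Tcpip, Afd and NetBT and the default %SystemRoot% paths are assumptions based on a stock XP install; `sc qc Dhcp` prints the list the machine actually declares.

```batch
@echo off
rem Added example: read-only check of the DHCP Client dependency chain on XP.
rem Assumption: Tcpip, Afd and NetBT are the stock XP DependOnService entries.
setlocal
set DRIVERS=%SystemRoot%\system32\drivers
set CACHE=%SystemRoot%\system32\dllcache

echo --- DHCP Client configuration and declared dependencies ---
sc qc Dhcp

for %%S in (Tcpip Afd NetBT) do call :check %%S

echo.
echo --- DHCP Client state ---
sc query Dhcp | find "STATE"
endlocal
goto :eof

:check
echo.
echo --- %1 ---
rem 1. Is the entry registered with the Service Control Manager?
sc query %1 | find "STATE"
if errorlevel 1 echo   service entry for %1 not found
rem 2. Which image does the registry key point at, and what is its start type?
reg query "HKLM\SYSTEM\CurrentControlSet\Services\%1" /v ImagePath 2>nul
reg query "HKLM\SYSTEM\CurrentControlSet\Services\%1" /v Start 2>nul
rem 3. Is the driver file on disk, and is there a dllcache copy to restore from?
if exist "%DRIVERS%\%1.sys" (echo   %DRIVERS%\%1.sys present) else (echo   %DRIVERS%\%1.sys MISSING)
if exist "%CACHE%\%1.sys" (echo   dllcache copy present) else (echo   no dllcache copy)
goto :eof
```

Afd and NetBT are kernel drivers rather than Win32 services, so they are not listed in the Services console; on XP they appear in Device Manager under View > Show hidden devices > Non-Plug and Play Drivers.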



#10
October 9, 2011 at 09:16:36

For removing Trojan Remover and Hitman Pro, uninstall them using their own uninstaller in All Programs; that will remove them. If you try uninstalling them in Add/Remove they WILL NOT uninstall properly.

You may want to run combofix to clear up the rest of the problems:
http://www.bleepingcomputer.com/com...
Follow the guide on that site carefully and you should be fine.


#11
October 9, 2011 at 20:34:52

Thank you for the suggestions. Got the programs uninstalled but can't run combofix b/c no connection and it says something is missing from the Windows recovery console. Error says it can try to download the info but with no connection, I'm stuck.

CH



#12
October 9, 2011 at 21:37:47

what is the EXACT error?


#13
October 9, 2011 at 22:17:01

Thanks for your reply XpUser4Real!

Sorry I didn't get the exact error but looks like Combofix ran its course anyway and still no connection available.

Below is the log:


ComboFix 11-10-09.01 - Chuck D 10/09/2011 21:32:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2165 [GMT -7:00]
Running from: c:\documents and settings\Chuck D\Desktop\ComboFix.exe
AV: ThreatFire *Enabled/Updated* {67B2B9A1-25C8-4057-962D-807958FFC9E3}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\console.exe
c:\documents and settings\All Users\Application Data\microsoft\media index\wmplibrary_v_0_12.lrd
c:\documents and settings\Chuck D\Application Data\.#
c:\documents and settings\Chuck D\Application Data\.#\MBX@16A0@11B41F8.###
c:\documents and settings\Chuck D\Application Data\.#\MBX@16A0@11B4228.###
c:\documents and settings\Chuck D\Application Data\.#\MBX@16A0@11B4258.###
c:\documents and settings\Chuck D\Application Data\.#\MBX@E04@11B41F8.###
c:\documents and settings\Chuck D\Application Data\.#\MBX@E04@11B4228.###
c:\documents and settings\Chuck D\Application Data\.#\MBX@E04@11B4258.###
c:\documents and settings\Chuck D\Application Data\inst.exe
c:\documents and settings\Chuck D\Application Data\PnF4amH6sJfLgZjOpenCloud Security.ico
c:\documents and settings\Chuck D\Application Data\PriceGong
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\10.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\94.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Chuck D\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Chuck D\Application Data\QWJ7dEL8gZhCkVOpenCloud Security.ico
c:\documents and settings\Chuck D\Application Data\sA1ivD2on4m5W7EOpenCloud Security.ico
c:\documents and settings\Chuck D\Application Data\xyxA0uvS2b3m5QOpenCloud Security.ico
c:\documents and settings\Chuck D\Application Data\Y2ibD3pnGaHdKfLOpenCloud Security.ico
c:\documents and settings\Chuck D\Start Menu\Programs\OpenCloud Security
c:\documents and settings\Chuck D\Start Menu\Programs\OpenCloud Security\OpenCloud Security.lnk
c:\documents and settings\Chuck D\WINDOWS
c:\program files\messenger\msmsgsin.exe
c:\windows\$BLSTUN$
c:\windows\$BLSTUN$\apUninstall.exe
c:\windows\$NtUninstallKB16721$
c:\windows\$NtUninstallKB16721$\271282139
c:\windows\$NtUninstallKB16721$\660576753\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB16721$\660576753\L\asobptkf
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\iun6002.exe
c:\windows\system32\comct332.ocx
c:\windows\system32\d3d9caps.dat
c:\windows\system32\ssprs.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2100-02-09 00:03 . 2001-05-11 19:39 53248 ----a-w- c:\program files\ACMonitor_X73.exe
2011-10-09 06:49 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-09 06:49 . 2008-04-13 19:19 138112 ----a-w- c:\windows\system32\dllcache\afd.sys
2011-10-06 06:46 . 2011-10-06 06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-06 06:46 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 06:33 . 2011-10-06 06:33 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-10-06 06:31 . 2011-10-06 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-10-06 06:31 . 2011-10-06 06:31 -------- d-----w- c:\documents and settings\Chuck D\Application Data\Y2ibD3pnGaHdKfL
2011-10-06 06:31 . 2011-10-06 06:31 -------- d-----w- c:\documents and settings\Chuck D\Application Data\oRZqhYCwkVlNx0c
2011-10-06 05:58 . 2011-10-06 05:58 -------- d-----w- c:\documents and settings\Chuck D\Application Data\xyxA0uvS2b3m5Q
2011-10-06 05:57 . 2011-10-06 05:57 -------- d-----w- c:\documents and settings\Chuck D\Application Data\VJ7fEL9gTqYeIrO
2011-10-06 05:29 . 2011-10-06 05:29 -------- d-----w- c:\documents and settings\Chuck D\Application Data\QWJ7dEL8gZhCkV
2011-10-06 05:29 . 2011-10-06 05:29 -------- d-----w- c:\documents and settings\Chuck D\Application Data\FBrzPNycAuDoFpH
2011-10-05 05:01 . 2011-10-05 05:01 -------- d-----w- c:\documents and settings\Chuck D\Application Data\sA1ivD2on4m5W7E
2011-10-05 05:01 . 2011-10-05 05:01 -------- d-----w- c:\documents and settings\Chuck D\Application Data\GfRL9hTXwUeItPy
2011-10-05 04:51 . 2011-10-05 04:51 -------- d-----w- c:\documents and settings\Chuck D\Application Data\PnF4amH6sJfLgZj
2011-10-05 04:51 . 2011-10-05 04:51 -------- d-----w- c:\documents and settings\Chuck D\Application Data\cRZ9hTXwjVlBz0c
2011-10-04 03:33 . 2011-10-04 03:33 -------- d-----w- C:\TDSSKiller_Quarantine
2011-09-30 05:23 . 2011-09-30 05:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-09-30 05:07 . 2011-09-30 05:07 -------- d-----w- c:\documents and settings\Chuck D\Application Data\AVG2012
2011-09-30 05:01 . 2011-10-02 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-09-30 04:55 . 2011-09-30 04:55 -------- d-----w- c:\program files\AVG
2011-09-30 04:49 . 2011-09-30 04:49 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-09-30 04:48 . 2011-10-02 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-09-30 03:21 . 2011-09-30 03:21 -------- d-----w- c:\documents and settings\Chuck D\Local Settings\Application Data\AOL
2011-09-29 22:09 . 2011-09-29 22:09 -------- d-----w- c:\documents and settings\Chuck D\Local Settings\Application Data\Babylon
2011-09-29 22:09 . 2011-09-29 22:09 -------- d-----w- c:\documents and settings\Chuck D\Application Data\Babylon
2011-09-29 22:09 . 2011-09-29 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2011-09-29 22:08 . 2011-10-03 07:30 -------- d-----w- c:\documents and settings\Chuck D\Application Data\bbbbF33pmG5
2011-09-29 22:08 . 2011-09-29 22:08 -------- d-----w- c:\documents and settings\Chuck D\Application Data\LIIIVrzzONxA0v2
2011-09-29 22:08 . 2011-09-29 22:08 -------- d-----w- c:\documents and settings\Chuck D\Application Data\SEEKK8ggRZ
2011-09-29 06:08 . 2011-09-29 06:08 -------- d-----w- c:\documents and settings\Chuck D\Application Data\VirtualStore
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-06 09:40 . 2002-08-29 10:00 44544 ----a-w- c:\windows\system32\drivers\fips.sys
2011-10-06 09:37 . 2010-01-07 21:38 51712 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2011-10-06 09:37 . 2002-08-29 10:00 47104 ----a-w- c:\windows\system32\wuauclt.exe
2011-10-06 09:37 . 2008-05-27 06:18 439808 ----a-w- c:\windows\system32\searchindexer.exe
2011-10-06 09:37 . 2008-05-27 06:18 184832 ----a-w- c:\windows\system32\searchprotocolhost.exe
2011-10-06 09:36 . 2006-07-25 02:33 159744 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-06 09:36 . 2000-06-26 11:44 53248 ----a-w- c:\windows\system32\MsPMSPSv.exe
2011-10-06 09:36 . 2001-10-12 14:42 311296 ----a-w- c:\windows\system32\LEXBCES.EXE
2011-09-09 09:12 . 2004-07-14 16:29 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-29 15:59 . 2008-09-29 08:29 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2011-08-29 15:58 . 2008-09-29 08:28 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-07-19 06:46 . 2010-04-06 19:38 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-19 06:46 . 2010-04-06 19:38 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-07-19 06:46 . 2010-04-06 19:38 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-19 06:46 . 2010-04-06 19:38 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-19 06:46 . 2010-04-06 19:37 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-07-19 06:46 . 2010-04-06 19:37 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-15 13:29 . 2002-08-29 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2001-05-09 00:36 . 2000-12-05 23:56 114688 ----a-w- c:\program files\lxarscan.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-10-06 . 78DF15641954BC2907BB2B6E5BD28B5F . 47104 . . [7.4.7600.226] . . c:\windows\SYSTEM32\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2004-08-04 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Chuck D\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Chuck D\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Chuck D\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Chuck D\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-02-08 20:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-02-08 20:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"Spyware Doctor"="c:\documents and settings\Chuck D\Desktop\sdsetup_revwire207.exe" [2011-10-02 512992]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\Xtras\mssysmgr.exe" [2005-02-26 212992]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MAFWTaskbarApp"="c:\windows\system32\MAFWTray.exe" [2004-06-23 151552]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"PrintServer Diagnostic"="c:\program files\Print Server\PTP\PSDiagnostic.exe" [2004-11-25 266240]
"Orb"="c:\program files\Winamp Remote\bin\OrbLauncher.exe" [2010-05-01 754800]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"DVDtoiPodConverter_upgrade"="c:\program files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" [2009-12-29 924672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\documents and settings\Chuck D\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Chuck D\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-10 113664]
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2007-7-11 97320]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-2-8 3600184]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111.exe [2007-7-11 1056860]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
ZyXEL M-202 Utility.lnk - c:\program files\ZyXEL\M-202\M-202.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-19 06:46 87424 ----a-w- c:\windows\SYSTEM32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"NICSer_M202"=2 (0x2)
"a2free"=2 (0x2)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbLauncher.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbSetupWizard.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbControlPanel.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Documents and Settings\\Chuck D\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Soulseek-Test2\\slsk.exe"=
"c:\\Program Files\\deepinvent\\MailStore Home\\MailStoreLocal.exe"=
"c:\\WINDOWS\\SYSTEM32\\javaw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\E-Zsoft\\DVDtoiPodConverter\\DVDtoiPodConverter.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 11:08 PM 368640]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/27/2009 8:56 PM 24576]
S3 CyUsb;U-HID Firmware upgrade;c:\windows\SYSTEM32\DRIVERS\CyUsb.sys [6/7/2011 12:11 AM 34304]
S3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [11/9/2009 10:49 PM 47360]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\SYSTEM32\DRIVERS\uks11ldr.sys [7/17/2004 11:33 AM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\SYSTEM32\DRIVERS\usbkt1x1.sys [7/17/2004 11:33 AM 22304]
S3 ZD1211BU(ZyXEL);ZyXEL 802.11g Wireless USB Adapter Driver(ZyXEL);c:\windows\system32\DRIVERS\zd1211Bu.sys --> c:\windows\system32\DRIVERS\zd1211Bu.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-10-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-11 19:02]
.
2011-10-09 c:\windows\Tasks\Orb Index when idle.job
- c:\program files\Winamp Remote\bin\OrbLauncher.exe [2010-05-01 18:21]
.
2011-10-10 c:\windows\Tasks\User_Feed_Synchronization-{F485698F-1432-48D9-9CF9-1721E11338E2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: eye.fi\manager
Trusted Zone: mercuryserver.com\www
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Chuck D\Application Data\Mozilla\Firefox\Profiles\0jjvpnz7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: network.proxy.type - 0
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - %profile%\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKLM-Run-Auto EPSON Stylus Photo R220 SeriesHardwire on CHUCKANDROLL - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
HKLM-Run-EPSON Stylus Photo R200 SeriesHardwire121308 - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
HKLM-Run-WinVNC - c:\program files\TightVNC\WinVNC.exe
HKLM-Run-PrinTray - c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe
HKLM-Run-M-Audio Taskbar Icon - c:\windows\System32\M-AudioTaskBarIcon.exe
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-DeltTray - DeltTray.exe
HKLM-Run-PCMService - c:\program files\Dell\Media Experience\PCMService.exe
HKLM-Run-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
HKLM-Run-ClamWin - c:\program files\ClamWin\bin\ClamTray.exe
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
SafeBoot-62492564.sys
SafeBoot-87608120.sys
AddRemove-$BLSTUN$ - c:\windows\$BLSTUN$\apUninstall.exe
AddRemove-1100 DX - c:\program files\steinberg\vstplugins\DeIsL1.isu
AddRemove-6000 Sound Effects - c:\6ksfx\DeIsL1.isu
AddRemove-AKAI professional VST Collection v1.0 - c:\progra~1\STEINB~1\VSTPLU~1\Akai\UNWISE.EXE
AddRemove-AviSynth2 - c:\program files\AviSynth2\uninst.exe
AddRemove-BombThatBeat.v2.4-OxYGeN - c:\progra~1\STEINB~1\VSTPLU~1\bombhelp\UNWISE.EXE
AddRemove-DiscoDSP Discovery VSTi v2.0 - c:\progra~1\STEINB~1\VSTPLU~1\DISCOD~1\DISCOV~1\UNWISE.EXE
AddRemove-discoDSP Phantom_is1 - c:\program files\Steinberg\Vstplugins\discoDSP\unins000.exe
AddRemove-HTML Help Workshop - c:\program files\SynthEdit\setup.exe
AddRemove-KeyStation1x1 - c:\windows\iun6002.exe
AddRemove-Korg Legacy Collection VSTi v1.0.02 - c:\progra~1\STEINB~1\VSTPLU~1\Korg\LEGACY~1\UNWISE.EXE
AddRemove-LinPlug FreeAlpha - c:\program files\Steinberg\Vstplugins\Free Alpha\UninstalFreeAlpha.exe
AddRemove-NI Absynth v1.3.4-OxYGeN - c:\absynth\UNWISE.EXE
AddRemove-Novation Bass-Station VSTi v1.10 - c:\progra~1\STEINB~1\VSTPLU~1\BASS-S~1\BASS-S~1\UNWISE.EXE
AddRemove-Ohmforce Predatohm VST PRO v1.24 - c:\progra~1\STEINB~1\VSTPLU~1\OHMFOR~1\PREDAT~1\UNWISE.EXE
AddRemove-rgc:audio sfz VSTi_is1 - c:\program files\Steinberg\Vstplugins\unins000.exe
AddRemove-rgc:audio Triangle II Monophonic Synthesizer_is1 - c:\program files\Steinberg\Vstplugins\Triangle 2\unins000.exe
AddRemove-Rob Papen Albino 2 - c:\progra~1\STEINB~1\VSTPLU~1\ALBINO~1\ALBINO~1\UNWISE.EXE
AddRemove-Rob Papen and LinPlug Albino Presets Addon - c:\progra~1\STEINB~1\VSTPLU~1\Albino\AlbinoFx\ADDONU~1\UNWISE.EXE
AddRemove-Sample Tank XL - c:\progra~1\STEINB~1\VSTPLU~1\IKMULT~1\UNWISE.EXE
AddRemove-Sonic Charge µTonic VST - c:\program files\Steinberg\Vstplugins\SonicCharge\UnInstall_uTonicVST.exe
AddRemove-Speech Synthesizer5.0 - c:\windows\iun6002.exe
AddRemove-Steinberg Magneto VST v1.5 - c:\progra~1\STEINB~1\VSTPLU~1\Magneto\UNWISE.EXE
AddRemove-Synapse Junglist VSTi v3.2 - c:\progra~1\STEINB~1\VSTPLU~1\Junglist\UNWISE.EXE
AddRemove-Synth1 - c:\program files\Steinberg\Vstplugins\SYNTHESIZERS\Synth1\setup.exe
AddRemove-TC.Works.Native.Bundle.v3.0.VST.WinAll.Repack-cRime - c:\progra~1\STEINB~1\VSTPLU~1\TCNATI~1\TCVSTP~1\UNWISE.EXE
AddRemove-Triangle I VSTi_is1 - c:\program files\Steinberg\Vstplugins\Triangle 1\unins000.exe
AddRemove-Vanguard Demo_is1 - c:\program files\Steinberg\Vstplugins\Vanguard\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 21:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mozybackup]
"ImagePath"=multi:"\"c:\program files\MozyHome\mozybackup.exe\"\00"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mozyFilter]
"ImagePath"=multi:"system32\DRIVERS\mozy.sys\00"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mozybackup]
"ImagePath"=multi:"\"c:\program files\MozyHome\mozybackup.exe\"\00"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mozyFilter]
"ImagePath"=multi:"system32\DRIVERS\mozy.sys\00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\NETGEAR\WG111]
@Class="HKEY_LOCAL_MACHINE"
@DACL=(02 0000)
"Domain"="US"
"DomainDesc"="United States"
"infpath"="c:\\WINDOWS\\INF\\oem57"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(500)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(1000)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\documents and settings\Chuck D\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\nvwddi.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wudfhost.exe
c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-10-09 22:11:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-10 05:11
.
Pre-Run: 16,482,062,336 bytes free
Post-Run: 17,304,227,840 bytes free
.
- - End Of File - - ADF9DBC763AB53992AAD47117742E368



#14
October 9, 2011 at 22:26:24

I'm a bit worried you weren't online to get the recovery console installed. Looks like lots was removed by combofix....how is the PC running now?


#15
October 9, 2011 at 23:29:43

Seems to run OK now. I'm looking for a way to get recovery console installed but so far no luck with winnt32.exe file in i386 folder. Message I get back when I try to install is XP version newer than on CD. Sounds like there might have to be some integrating of new XP SP3 files into my current i386 folder from what I have been reading online.

Right now computer is XP Pro SP3



#16
October 9, 2011 at 23:33:21

http://www.makeuseof.com/tag/how-to...
maybe the link above will help you....glad to hear your PC is running better


#17
October 10, 2011 at 08:41:26

Computer runs OK but still no internet/network connection. Have to do some more boots to see if any malware pops up. Should I open up a separate issue for fixing the internet connection?


#18
October 10, 2011 at 10:17:53

no internet connection...have you tried to open IE, click on tools/internet options/connections/lan settings and uncheck proxy if it is checked...then close IE and open it again.


#19
October 10, 2011 at 17:01:51

hey man that combo listing is still got opencloud on it
u need to fix that now
reboot
then do your connection with "netsh winsock reset catalog"


#20
October 10, 2011 at 22:10:23

Thanks again for the suggestions.

Yes, I have checked for the IE proxy a few times but I've never seen it enabled.

Running Malwarebytes (this time I copied the definitions updater to a flash drive on another computer so I could update the infected one) and Kaspersky again now to see if any Opencloud still, then will try to repair the connection again using ctnbl's suggestion.

CH




#21
October 11, 2011 at 12:48:41

do script to get rid of opencloud on combo
it runs combo again

do u have opencloud on Desktop? rightclick - properties - shortcut tab - target box

copy info and post



#22
October 19, 2011 at 00:13:41

hi ctnbl,

I ran a search to try to find the opencloud link again (not on desktop anymore) but it looks like any opencloud files reside in Qoobox. I think this means they are quarantined by combofix, correct?

Anyway, the computer seems to be booting OK now, but there is no internet or home network connectivity. The netsh winsock reset catalog and the netsh int ip reset reset.log functions don't fix this.

I've tried all the fixes I could find through MS support, but keep getting the error that DHCP client won't start Error 1075. I think this is probably the problem.

Thanks in advance.



#23
October 19, 2011 at 01:03:43

more specifically, when I try to start DHCP client, "The DHCP Client service depends on the following nonexistent service: AFD"

CH



#24
October 19, 2011 at 01:34:33

"The DHCP Client service depends on the following nonexistent service: AFD"

http://is.gd/2CLaS2

http://support.microsoft.com/kb/915162
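
The Error 1075 quoted above means a name in the DHCP Client's DependOnService list has no matching key under Services. As an added example (not part of the thread), this Python sketch scans a regedit export of the Services key for such dangling dependencies; the sample export is constructed, and the Dhcp dependency list in it (Tcpip, Afd, NetBT) is an assumption about a stock XP install.

```python
import re

# Constructed sample in regedit export (.reg) style; not data from the thread's PC.
# Assumed stock list: Dhcp depends on Tcpip, Afd and NetBT. The Afd key is absent.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\
  00,00,4e,00,65,00,74,00,42,00,54,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
"ImagePath"="System32\\DRIVERS\\tcpip.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT]
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
"""

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\\w+\\Services\\([^\\\]]+)\]$", re.I)
DEP_RE = re.compile(r'^"DependOnService"=hex\(7\):(.*)$', re.I)

def decode_multi_sz(hex_csv):
    """Turn regedit's hex(7) byte list (UTF-16LE REG_MULTI_SZ) into a list of strings."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]

def missing_dependencies(reg_text):
    """Map each service to the dependencies that have no service key in the export."""
    # Join regedit's backslash line continuations before parsing line by line.
    text = re.sub(r"\\\r?\n\s*", "", reg_text)
    services, depends, current = set(), {}, None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            services.add(current)
        elif line.startswith("["):
            current = None  # subkey or unrelated key: ignore its values
        elif current and (dep := DEP_RE.match(line)):
            depends[current] = decode_multi_sz(dep.group(1))
    gone = {s: [d for d in deps if d.lower() not in services] for s, deps in depends.items()}
    return {s: g for s, g in gone.items() if g}

if __name__ == "__main__":
    for svc, gone in missing_dependencies(SAMPLE_REG).items():
        print(f"{svc}: depends on missing service(s) {', '.join(gone)}")
```

Run it against an export of the whole Services key, so that every service a dependency could name is in scope; a partial export would report false gaps.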



#25
October 19, 2011 at 10:52:22

I was able to solve my connectivity issues by uninstalling Windows XP service pack 3 as described here!

http://forums.cnet.com/7726-6132_10...

Everything seems to be working well now but I am still a little worried because the screen keeps going "fuzzy". After I uninstalled sp3, it looked perfect and sporadically does, but there doesn't seem to be a pattern as to why it changes that I can figure out.

I ran Malwarebytes again this AM and wasn't able to find anything. Also running Kaspersky today and will see results tonight.

Thanks again for all the suggestions!



#26
October 20, 2011 at 17:00:40

Hi All,

I ran Kaspersky again last night and it found many infected files (35) mostly in System Volume Information.....Restore files. I guess it could be because I have been running Kaspersky without updated definitions until now.

Do I need to run any of the other anti-virus applications again?

CH



#27
October 20, 2011 at 17:15:52

I would remove all your system restore points, then update with today's files both KAS & MBAM, then run both again.

Also install/update & run Superantispyware.

How Do I Disable & Re-Enable a System Restore After a Virus Infection?
http://www.ehow.com/how_6012864_do-...
http://windowxptutortips.blogspot.c...
http://service1.symantec.com/SUPPOR...
Safe mode
http://service1.symantec.com/SUPPOR...

SUPERAntiSpyware
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://www.superantispyware.com/ind...



#28
October 20, 2011 at 17:57:34

super anti is basically only good for removal of cookies...I would just suggest Ccleaner Slim:
http://www.piriform.com/ccleaner/bu...
Run it to get rid of all unnecessary files and then click on the registry icon and fix what it finds there also


#29
October 20, 2011 at 18:49:53

"super anti is basically only good for removal of cookies..."
Wrong again.

It is one of the recommended tools for cleaning up comps, prior to presenting log files to experts, if after following their procedures, help is still needed.
http://forums.devshed.com/antivirus...
http://www.techsupportteam.org/foru...
http://www.help2go.com/content/tuto...
http://www.greyknight17.com/spyware...
http://forums.majorgeeks.com/showth...
http://forums.majorgeeks.com/showth...
http://www.neowin.net/forum/index.p...



#30
October 20, 2011 at 22:03:04

actually super-anti is old hat anymore, malwarebytes beats it hands down. ;-)
I actually DO PC repairs for a living and have a good idea on what software really is effective anymore. Super-Anti, Adaware and Spybot have fallen by the wayside....don't get me wrong...they were awesome in their day though.


#31
October 20, 2011 at 22:41:44

"actually super-anti is old hat anymore"
Did slip into old hat for a while, not any more, it will remove infections ( & cookies ) that MBAM doesn't, as already mentioned in the above posts, run as many of the approved programs as you can, the baddies are always ahead of the goodies.
The OP will be the one who eventually decides if it was worth it, not us.

The main goal in providing help, is to give the OP tools that may sort out his problems, not to do an ego thing & knock other people's suggestions.
Every tool mentioned on this page, has the potential to find the latest & old infections, but tracking down the right program is itself challenging, because of the thousands of new variations coming out each week.



#32
October 20, 2011 at 23:25:11

duplicate post


#33
October 20, 2011 at 23:35:31

Ok, let me say that I really appreciate all the suggestions I've been given and it truly has been a team effort!

While things right now work 100x better than they did, I feel like I'm still trying to plug leaks and it seems like it will probably take a combination of all the posts to fix the problem.

CH



#34
October 21, 2011 at 03:05:39

"seems like it will probably take a combination of all the posts to fix the problem"
Correct, we have to adopt the leave no stone unturned approach & may need even more tools.

Don't be alarmed if you cannot get a program to run or if after cleaning, you lose your internet connection, that is what the infection can do. There are means of outsmarting the infection to get a program to run & ways to get the internet connection back.

We shall see what eventuates.

