Internet cuts in and out

[Rod Bishop]

This just started three days ago. My internet on my Dell Optiplex 760, running Vista, 500GHD 2 g ram, Intel 4 at 3.33, on board network port keeps cutting in and out every ten minutes or so. It's dead for about one minute and it returns fine.

I changed ports on the Quest Modem/Router it stills dies, I've replaced the ethernet cable from theDell to the router, and I just installed a new Network card hoping that might cure it, but it still cuts in and out.

My wifes Dell is connected to the same Router and never fails to lose the internet. I have changed nothing on board the PC and hope you might have a thought on this problem.

I'm about out of Ideas..

 

[johnb35]

My first step would be to scan for malware.

1.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop


•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

Then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL

 

[Rod Bishop]

The first 3 programs found nothing wrong. The last program is posted here but It doesn't make sense to me .

 

[johnb35]

This is very odd behavior you are seeing. I would expect this to happen on wireless but not on ethernet. You said you physically added a new ethernet card to the pc and it still cuts out. Are you sure you connected the ethernet cable to the new card? If so, this leads me to believe its something with the router. But then it works fine with a different computer connected with a cable. Or does she connect using wireless?

 

[beers]

What card did you replace it with? Did you install a new driver?

I'd probably keep looking on the software/OS side since other hosts in the same LAN appear to be fine.

 

[Rod Bishop]

While I was sitting here watching for a replay, I noticed the network dropped off again. I closed the browser and started a new browser and the internet icon came back on so I could post this.

Still have a problem with disconnects, but in another room my wifes PC has not had the same problem, her PC is working just fine, no drop off

 

[beers]

Do you have Ethernet ports in your wall or? Do you also see the same sync rates to the device (10, 100 or 1000 mbit) for autonegotiation?

 

[Rod Bishop]

I installed a new Linksys pci network card and the system found a new driver for the new card. Yes, I disconnected the old onboard network cable as soon as the new driver was installed on the pci network card. Last night while I was waiting for an answer to my question the network icon, or Blue Ball" as we call it, went out and I tried to log back in but the browser said I was Local Only, no internet.
That happened several times last night before I put me and the System to bed. And yes, my wifes PC is direct ethernet same as my connection, never had any problems.

I thought it might be an issue with the three ethernet ports on the Quest Router, and the same problem happens for me in port 2,3, and port 4.

My wife made it clear to me yesterday, Do not unplug her from port 1 and leave her connection alone. Port 1 never fails or the problem is not a router issue. She buys and sells dresses and stuff from her closet site on EBAY.

As for me I use the internet for research and to buy security or CCTV stuff.

Last night The test found no Malware or the other testing done was clear. I was hoping a new path to the internet might be the solution.

We just returned home this morning and so far in the posting of this long message the blueball stayed on.

 

[beers]

If she has issues in 2-4 then I'd just junk the device for a replacement.

 

[Rod Bishop]

I haven't changed the router yet, I have been trying to understand the computer network port. The trouble with the PC failing to keep a internet connection still exist, it suts in and out, the internet icon or blueball comes and goes but I did find a quick way of reconnecting the internet. I did the Dell support and Dell says the network port test OK.

I started a few days ago to reset the network adapter, and it works every time. As soon as I notice the internet is gone I hit the start, network, test and reset the network adapter, and the internet is back. I do notice when the internet connection is gone, the network icon still shows the blue ball. If I hover the icon it says I still have a internet connection. The PC still sees the internet, but my email or website is gone.

Can anyone tell me why resetting the network works everytime to regain the internet, or what can be wrong in the PC for it to believe it's connected when it's not?

thanks

 

[johnb35]

Try uninstalling the network connection via device manager, reboot the system and let windows reinstall the driver. See if that helps.

 

[Rod Bishop]

I did that late last night and something is still wrong with the network adapter. Today I plugged the network into port number 1, or the first port on the router. That's my wifes port, as she calls it, as shes gone to the store.

But it too cuts in and out on my PC, so it's not the router either. I rebuild PCs and security systems and usually don't have an issue with the internet or the network adapter, but I'm about to give up.This afternoon it's down to resetting the network every 15 minutes or so.
I've tried reinstalling the driver for the networkwork adapter, installing a new pci network card and a new network usb RJ45 plug in and all three drop whenever I use either of them.
I wish I could plug all three in at the same time to the router to keep the internet alive.

I have 6 other PCs I can use, all up to date under the table, if no new ideas are offered that's my next step, but that's a big deal with everything thats in the way in my shop.

 

[johnb35]

Sounds like you really have an issue with windows itself. Since you are running Vista can you run the following and post the logfile from it.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

• Download this file here :
  
  Combofix
  
  
• When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
• Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.
  
  
  
• We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
  
  
• Close all open Windows including this one.
  
• Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
  Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  
• Please click on I agree on the disclaimer window.
• ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.
  
  
  
  
  
• ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.
  
  
  
  
  
• Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:
  
  
  
  
  
• At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  
• Please click on yes in the next window to continue scanning for malware.
  
• ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  
• ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  
• While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.
  
  
  
  
  
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  
• When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  
• Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.
  

If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.

 

[Rod Bishop]

ComboFix 16-04-29.01 - r 05/07/2016 18:52:17.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1979.995 [GMT -5:00]
Running from: c:\users\r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYXE7DZN\ComboFix.exe
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6793\AddOnDownloaded\0124e21d-018c-4ce0-92a3-b9e205a76bc0.dll
c:\programdata\PCDr\6793\AddOnDownloaded\06054fba-5619-4a86-a861-ffb0464bef5d.dll
c:\programdata\PCDr\6793\AddOnDownloaded\06fda46e-43c1-481a-9eb2-9799f42e7f99.dll
c:\programdata\PCDr\6793\AddOnDownloaded\0bc194f9-b102-4833-85bd-603e216a9274.dll
c:\programdata\PCDr\6793\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6793\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6793\AddOnDownloaded\14d73fac-0439-4f06-9763-0341fab0d44f.dll
c:\programdata\PCDr\6793\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6793\AddOnDownloaded\1770287d-f115-443b-9fb7-268be5a136fc.dll
c:\programdata\PCDr\6793\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6793\AddOnDownloaded\1d25df4e-fb49-4047-b057-5a757ec1e10a.dll
c:\programdata\PCDr\6793\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6793\AddOnDownloaded\1eec01b0-8ca5-44d8-a311-9e7f96e586dd.dll
c:\programdata\PCDr\6793\AddOnDownloaded\1f82ef5d-9e89-4c2f-839d-1dfc47d3af1b.dll
c:\programdata\PCDr\6793\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6793\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6793\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6793\AddOnDownloaded\2ed4ce9e-0dff-4595-a0aa-f3e3b671fddc.dll
c:\programdata\PCDr\6793\AddOnDownloaded\3087e0df-b321-44c3-b144-fb94c30c8383.dll
c:\programdata\PCDr\6793\AddOnDownloaded\32de12dc-d8c3-42aa-adc7-6c4c6b126d9e.dll
c:\programdata\PCDr\6793\AddOnDownloaded\3324fb70-b482-4ff5-9d0e-102981046ff0.dll
c:\programdata\PCDr\6793\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6793\AddOnDownloaded\35b44250-4f9f-4c83-a518-a7c76d04314b.dll
c:\programdata\PCDr\6793\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6793\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6793\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6793\AddOnDownloaded\41a30eb5-952e-4dbb-ae28-5f8aa6520aba.dll
c:\programdata\PCDr\6793\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6793\AddOnDownloaded\459715e4-d2b9-4b1d-9abd-b72ddc2c69b1.dll
c:\programdata\PCDr\6793\AddOnDownloaded\471d2ede-d247-4b88-8413-b4f925daed35.dll
c:\programdata\PCDr\6793\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6793\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6793\AddOnDownloaded\48b34bb5-ff90-4d9e-b894-efe9b9fb83df.dll
c:\programdata\PCDr\6793\AddOnDownloaded\49f89ca5-aa70-4aab-9314-4a62fc1f0e87.dll
c:\programdata\PCDr\6793\AddOnDownloaded\4cb05034-365d-4b59-a070-5750405458b0.dll
c:\programdata\PCDr\6793\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6793\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6793\AddOnDownloaded\545e0921-6e62-4c80-bee9-427f48425c93.dll
c:\programdata\PCDr\6793\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6793\AddOnDownloaded\5a2fca81-2a3a-4213-a397-872704c3f168.dll
c:\programdata\PCDr\6793\AddOnDownloaded\5bbfdaf0-4ed3-451e-8ae5-d6568a621a17.dll
c:\programdata\PCDr\6793\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6793\AddOnDownloaded\649574c7-1acb-458c-a846-1bc04bfcdb93.dll
c:\programdata\PCDr\6793\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6793\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6793\AddOnDownloaded\6b56d7e1-5ac6-46da-8615-10fbe2919ac8.dll
c:\programdata\PCDr\6793\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6793\AddOnDownloaded\6bdfa889-cc66-47b8-8124-f44af6185c4a.dll
c:\programdata\PCDr\6793\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6793\AddOnDownloaded\6f9e83ca-5216-40db-863d-61ffff2a1563.dll
c:\programdata\PCDr\6793\AddOnDownloaded\72db11e1-d2b2-4f9f-828a-5a68b9e7709f.dll
c:\programdata\PCDr\6793\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6793\AddOnDownloaded\7aab56cb-b4f9-4339-82d7-9bebc9820fd4.dll
c:\programdata\PCDr\6793\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6793\AddOnDownloaded\7c5b1d75-4145-4f69-b184-a8fb559fd417.dll
c:\programdata\PCDr\6793\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6793\AddOnDownloaded\7eb9d453-6936-472b-8a21-a9513eebbf65.dll
c:\programdata\PCDr\6793\AddOnDownloaded\7ee97e57-ddc8-4c67-a05d-8776b2353080.dll
c:\programdata\PCDr\6793\AddOnDownloaded\812fed95-c1fb-4695-be1a-fd6265302cf9.dll
c:\programdata\PCDr\6793\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6793\AddOnDownloaded\84044d39-7df5-40d8-9c83-1be344e0305e.dll
c:\programdata\PCDr\6793\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6793\AddOnDownloaded\873c94c8-114d-4d39-a36a-14d636c6e7f3.dll
c:\programdata\PCDr\6793\AddOnDownloaded\8c64e2ef-3080-4951-8358-e991c1695e4a.dll
c:\programdata\PCDr\6793\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6793\AddOnDownloaded\95863b84-2a1c-4539-bd21-ffbef3ea7fd9.dll
c:\programdata\PCDr\6793\AddOnDownloaded\9ad177b0-ddcd-4cf6-ac35-969dc98b22db.dll
c:\programdata\PCDr\6793\AddOnDownloaded\9afbb1e4-1951-4d6e-bd32-2e0e5254786f.dll
c:\programdata\PCDr\6793\AddOnDownloaded\9bd80958-c5f2-4f2f-aa6b-c45a01a4e97c.dll
c:\programdata\PCDr\6793\AddOnDownloaded\9cc8e4b9-2989-4941-94e1-8c5358218ffb.dll
c:\programdata\PCDr\6793\AddOnDownloaded\a360a789-e8b0-4637-9792-e0ff95e234e4.dll
c:\programdata\PCDr\6793\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6793\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6793\AddOnDownloaded\b451e5c8-cdbf-46b4-8e59-e9a05ebf3533.dll
c:\programdata\PCDr\6793\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6793\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6793\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6793\AddOnDownloaded\bcd55a0b-5c73-4efb-87eb-fa42f0002bb9.dll
c:\programdata\PCDr\6793\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6793\AddOnDownloaded\c238c886-2790-4da6-895b-00c9110314ec.dll
c:\programdata\PCDr\6793\AddOnDownloaded\c27a8f9a-0718-4077-8610-9b1806d75bee.dll
c:\programdata\PCDr\6793\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6793\AddOnDownloaded\c502e200-e694-4725-9348-253ed2eac74c.dll
c:\programdata\PCDr\6793\AddOnDownloaded\c6528f35-d623-4e84-a9b2-58ecb22dabd4.dll
c:\programdata\PCDr\6793\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6793\AddOnDownloaded\c746a3b1-ed0c-4bff-941c-d5e6f0583ce7.dll
c:\programdata\PCDr\6793\AddOnDownloaded\caac49ab-d9d8-4f29-a409-2a9a30ae62af.dll
c:\programdata\PCDr\6793\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6793\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6793\AddOnDownloaded\d7306aee-c81a-43de-a6a8-e1baed06cbe9.dll
c:\programdata\PCDr\6793\AddOnDownloaded\dd1bac2a-784b-4124-895b-8444b4b4697b.dll
c:\programdata\PCDr\6793\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6793\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6793\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6793\AddOnDownloaded\edb10714-8498-4679-a667-4c4c359de017.dll
c:\programdata\PCDr\6793\AddOnDownloaded\ee4747a4-1d1b-42c1-8a8c-1de04bbb2379.dll
c:\programdata\PCDr\6793\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6793\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6793\AddOnDownloaded\fbd50850-4122-4fe3-a72e-fcbe58a0f196.dll
c:\programdata\PCDr\6793\AddOnDownloaded\ff34f184-7b2d-4b07-9131-b1349888b6e5.dll
c:\windows\~GLH0005.TMP
c:\windows\~GLH0006.TMP
c:\windows\~GLH0007.TMP
c:\windows\~GLH0008.TMP
c:\windows\~GLH0009.TMP
c:\windows\~GLH000a.TMP
c:\windows\system32\~GLH0016.TMP
c:\windows\system32\~GLH0017.TMP
c:\windows\system32\~GLH0018.TMP
c:\windows\system32\~GLH001b.TMP
c:\windows\system32\~GLH001c.TMP
c:\windows\system32\~GLH001d.TMP
c:\windows\system32\~GLH001e.TMP
c:\windows\system32\~GLH001f.TMP
c:\windows\system32\~GLH0020.TMP
c:\windows\system32\~GLH0021.TMP
c:\windows\system32\~GLH0022.TMP
c:\windows\system32\~GLH0023.TMP
c:\windows\system32\~GLH0025.TMP
c:\windows\system32\~GLH0027.TMP
c:\windows\system32\~GLH0028.TMP
c:\windows\system32\~GLH002c.TMP
c:\windows\system32\~GLH002d.TMP
c:\windows\system32\~GLH0031.TMP
c:\windows\system32\drivers\~GLH001c.TMP
c:\windows\system32\drivers\~GLH001d.TMP
c:\windows\system32\drivers\~GLH001e.TMP
c:\windows\system32\drivers\~GLH001f.TMP
c:\windows\system32\drivers\~GLH0020.TMP
c:\windows\system32\drivers\~GLH0023.TMP
c:\windows\system32\drivers\~GLH0024.TMP
c:\windows\system32\drivers\~GLH0025.TMP
c:\windows\system32\drivers\~GLH0026.TMP
c:\windows\system32\drivers\~GLH0027.TMP
c:\windows\system32\drivers\~GLH0028.TMP
c:\windows\system32\drivers\~GLH0029.TMP
c:\windows\system32\drivers\~GLH002a.TMP
c:\windows\system32\drivers\~GLH002b.TMP
c:\windows\system32\drivers\~GLH002c.TMP
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2016-04-08 to 2016-05-08 )))))))))))))))))))))))))))))))
.
.
2016-05-08 00:00 . 2016-05-08 00:01 -------- d-----w- c:\users\r\AppData\Local\temp
2016-05-08 00:00 . 2016-05-08 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-02 17:04 . 2016-05-02 17:04 -------- dc-h--w- c:\programdata\{05EE3202-A879-4F9D-895C-AC535855E0A9}
2016-04-30 20:53 . 2010-02-23 17:00 256712 ----a-w- c:\windows\system32\PROUnstl.exe
2016-04-30 20:33 . 2016-04-30 21:05 -------- d-----w- c:\programdata\SupportAssistAgent
2016-04-30 20:24 . 2016-04-30 20:24 0 ----a-w- c:\windows\invcol.tmp
2016-04-25 20:10 . 2012-01-04 01:10 16512 ----a-w- c:\windows\system32\drivers\RD9700.sys
2016-04-23 02:41 . 2016-04-23 02:41 -------- d-----w- c:\program files\Common Files\Java
2016-04-20 19:17 . 2016-04-20 19:17 253184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2016-04-20 02:09 . 2016-04-20 02:10 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-20 02:08 . 2016-03-10 19:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-20 02:08 . 2016-03-10 19:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-20 02:08 . 2016-03-10 19:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-19 23:59 . 2016-04-20 00:00 -------- d-----w- C:\AdwCleaner
2016-04-19 17:26 . 2016-04-19 17:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2016-04-18 14:10 . 2016-04-18 14:10 61696 ----a-w- c:\windows\system32\drivers\avgunivx.sys
2016-04-16 21:41 . 2016-04-16 21:41 -------- d-----w- c:\program files\Autodesk
2016-04-16 21:02 . 2016-04-16 21:02 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2016-04-15 22:37 . 2016-04-15 22:37 -------- d-----w- c:\programdata\PC-Doctor for Windows
2016-04-15 22:37 . 2016-04-15 22:37 -------- d-----w- c:\program files\Dell Support Center
2016-04-14 15:54 . 2016-04-14 15:54 46848 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2016-04-14 02:34 . 2016-03-04 16:52 1253376 ----a-w- c:\windows\system32\msxml3.dll
2016-04-14 02:33 . 2016-03-18 17:10 206336 ----a-w- c:\windows\system32\ncrypt.dll
2016-04-14 02:33 . 2016-03-18 17:10 72704 ----a-w- c:\windows\system32\secur32.dll
2016-04-14 02:33 . 2016-03-18 17:10 57344 ----a-w- c:\windows\system32\samlib.dll
2016-04-14 02:33 . 2016-03-18 17:10 486912 ----a-w- c:\windows\system32\samsrv.dll
2016-04-14 02:33 . 2016-03-18 17:09 1259520 ----a-w- c:\windows\system32\lsasrv.dll
2016-04-14 02:32 . 2016-03-18 15:32 2048 ----a-w- c:\windows\system32\tzres.dll
2016-04-14 02:25 . 2016-03-18 17:10 1316864 ----a-w- c:\windows\system32\ole32.dll
2016-04-14 02:25 . 2016-03-21 22:57 1208568 ----a-w- c:\windows\system32\ntdll.dll
2016-04-14 02:24 . 2016-03-17 17:45 105472 ----a-w- c:\windows\system32\mtxoci.dll
2016-04-14 02:24 . 2016-03-17 17:45 180224 ----a-w- c:\windows\system32\msorcl32.dll
2016-04-14 02:24 . 2016-03-17 17:45 290816 ----a-w- c:\program files\Common Files\System\Ole DB\msdaora.dll
2016-04-14 02:23 . 2016-03-29 20:30 2070016 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-23 02:39 . 2015-08-31 17:28 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-04-10 18:10 . 2014-05-23 14:37 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-04-10 18:10 . 2014-05-23 14:37 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-03-29 21:45 . 2016-03-29 21:45 191232 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2016-02-16 21:26 . 2016-02-16 21:26 134944 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2016-02-16 21:20 . 2016-02-16 21:20 287008 ----a-w- c:\windows\system32\drivers\avglogx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2015-08-06 421888]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-29 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2014-05-28 295512]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2015-08-06 421888]
"AvgUi"="c:\program files\AVG\Framework\Common\avguirnx.exe" [2016-04-14 186640]
"AVG_UI"="c:\program files\AVG\Av\avuirunnerx.exe" [2016-04-20 32528]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-03-05 1310720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-12 00:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-12 00:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-12 00:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
2009-07-21 19:40 796696 ----a-w- c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 04:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 04:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 01:30 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-23 18:10]
.
2016-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-04 07:48]
.
2016-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-04 07:48]
.
.
------- Supplementary Scan -------
.
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\r\AppData\Roaming\Mozilla\Firefox\Profiles\hqczfzhm.default-1411339930239\
FF - prefs.js: browser.startup.homepage - hxxps://www.wunderground.com/weather-radar/united-states/la/lake-charles/lch/?region=msy|aboutreferences
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AVG_UI - c:\program files\AVG\AVG2014\avgui.exe
MSConfigStartUp-DellSystemDetect - c:\users\r\AppData\Local\Apps\2.0\9OKJOMET.AAJ\28PZQ8H1.GM2\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
MSConfigStartUp-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
AddRemove-58d94f3ce2c27db0 - c:\users\r\AppData\Local\Apps\2.0\9OKJOMET.AAJ\28PZQ8H1.GM2\dell..tion_6d0a76327dca4869_0007.0004_041659e87a6c2b4d\Uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-05-07 19:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2016-05-07 19:06:49
ComboFix-quarantined-files.txt 2016-05-08 00:06
.
Pre-Run: 143,386,198,016 bytes free
Post-Run: 145,181,483,008 bytes free
.
- - End Of File - - 7420315D0E9BAB1936844A8453542A13
5C616939100B85E558DA92B899A0FC36

 

[johnb35]

Let me know if there is any difference with the internet cutting out since running combofix. A lot of temp files were deleted along with some bad drivers.

 

[Rod Bishop]

I'm reporting from a backup pc.

The screen locked up and the PC froze.

I have the curser circling and the mouse works but still everything is froze.

I'll have to force it off, and see.

 

[Rod Bishop]

Everything came back alive!

I'll watch the internet to see if it stays connected.

Did you see in the listing any problems or is it just a wait and see?

thanks

 

[Rod Bishop]

The computer still has a difference between a program and the PC as you can see by this photo.

The network icon on the bottom right says internet connected but the browser says there is no internet connection.
It fails with Chrome, Mozilla and IE.

But, everytime I reset the network connection, the program connects to an internet site.

Why?

 

[johnb35]

I would say something inside windows is corrupt and you need to reinstall windows.