samwalker85
Honorary Members
Posts: 40
Reputation: 0 Neutral
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
I am still being redirected though... is there a solution for that? ... coz my internet connection is always using a lot of data but I don't see any processes running
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
Well, I cannot find any older restore points in System Restore. It only gives me the option to restore to this morning's restore point. There is not even a button there to restore older points. I think we might have just messed it up more...
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
ok
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
Farbar Service Scanner Version: 22-07-2012
Ran by Soham (administrator) on 24-07-2012 at 20:43:04
Running from "C:\Users\Soham\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 22:55] - [2012-03-30 07:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
It has been added. It said I had done it the last time you asked me to.
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
Malwarebytes is still blocking the process svchost.exe from going to a malicious website, and Norton still gives me a trojan warning.
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
Here is the Farbar scan log after I restored the quarantined files:

Farbar Service Scanner Version: 22-07-2012
Ran by Soham (administrator) on 24-07-2012 at 20:15:50
Running from "C:\Users\Soham\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 22:55] - [2012-03-30 07:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

I don't know if it makes any difference.
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
I did. I thought you asked me to do it again after I restored the quarantined files... never mind.
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
I am trying to make another copy of the registry but it's not letting me do it using ERUNT... the only option is that I overwrite the registry key I made earlier. Should I do it?
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
Here's the Farbar scan without the Malwarebytes quarantined restore:

Farbar Service Scanner Version: 22-07-2012
Ran by Soham (administrator) on 24-07-2012 at 19:51:40
Running from "C:\Users\Soham\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 22:55] - [2012-03-30 07:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
Oh crap, I forgot to restore everything from Malwarebytes quarantined files. What now? Sorry
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
OK, did it. It says the net start sharedaccess did not start because there is no device accompanying it or something... I am about to post the log, give me a sec.
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
Oh OK, so what's the backup for? I thought we are making changes to the registry.
Not sure what is false positive
samwalker85 replied to samwalker85's topic in Resolved Malware Removal Logs
I haven't done it yet because of the registry question I asked earlier.