rbecker1014 Posted January 8, 2012 ID:514954 Share Posted January 8, 2012 Vista Anti virus infected my computer. I read the into post that said don't run any temporary scanning or removal software (because it makes it more difficult). Unfortunately, I ran some. The anti-virus window doesn't pop up any more, but my internet is still blocked. This thing is pretty nasty.attach.txtdds.txt Link to post Share on other sites More sharing options...
rbecker1014 Posted January 30, 2012 Author ID:521742 Share Posted January 30, 2012 Did I haven't heard from anyone. Still need help getting my PC cleaned up!Rick Link to post Share on other sites More sharing options...
Blade81 Posted January 30, 2012 ID:521791 Share Posted January 30, 2012 Hi,Sorry for a delayed reply. Forum has been pretty busy. Please post contents of fresh DDS logs. Link to post Share on other sites More sharing options...
rbecker1014 Posted February 1, 2012 Author ID:522467 Share Posted February 1, 2012 Thank you for your reply! Here are the updated files.Rickattach.txtdds.txt Link to post Share on other sites More sharing options...
Blade81 Posted February 1, 2012 ID:522485 Share Posted February 1, 2012 Hi,Has Windows reinstallation been attempted there or does it just look like that to me? What are current issues? Link to post Share on other sites More sharing options...
rbecker1014 Posted February 1, 2012 Author ID:522569 Share Posted February 1, 2012 Blade- Yes, the only thing done since my original post was a resintallation of Windows Vista. I am still experience the same issues as before the Vista reinstall. I don't see the Windows Vista Antivirus screen anymore, but the virus still has me locked out from accessing the internet. The machine can access my WiFi network but won't connect to the internet. Link to post Share on other sites More sharing options...
Blade81 Posted February 1, 2012 ID:522597 Share Posted February 1, 2012 Hi,Download aswMBR to your desktop. Double click the aswMBR.exe to run itClick the Scan button to start scan On completion of the scan click save log, save it to your desktop and post in your next reply.Please download Farbar Service Scanner and run it on the computer with the issue.Check these boxes:-Internet ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Link to post Share on other sites More sharing options...
rbecker1014 Posted February 2, 2012 Author ID:522811 Share Posted February 2, 2012 <p>*************************************************************</p><p>**********Contents of the aswMBR.txt file:**********</p><p>*************************************************************</p><p> </p><div>aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software</div><div>Run date: 2012-02-01 19:19:16</div><div>-----------------------------</div><div>19:19:16.017 OS Version: Windows 6.0.6000 </div><div>19:19:16.017 Number of processors: 2 586 0xF06</div><div>19:19:16.017 ComputerName: RBECKER1014-PC UserName: rbecker1014</div><div>19:19:17.142 Initialize success</div><div>19:19:43.972 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2</div><div>19:19:43.972 Disk 0 Vendor: WDC_WD25 10.0 Size: 238475MB BusType: 3</div><div>19:19:43.988 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3</div><div>19:19:43.988 Disk 1 Vendor: WDC_WD25 10.0 Size: 238475MB BusType: 3</div><div>19:19:44.019 Disk 0 MBR read successfully</div><div>19:19:44.019 Disk 0 MBR scan</div><div>19:19:44.019 Disk 0 Windows VISTA default MBR code</div><div>19:19:44.035 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229585 MB offset 63</div><div>19:19:44.066 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8879 MB offset 470206485</div><div>19:19:44.066 Disk 0 scanning sectors +488392065</div><div>19:19:44.207 Disk 0 scanning C:\Windows\system32\drivers</div><div>19:19:50.926 Service scanning</div><div>19:19:52.144 Modules scanning</div><div>19:21:42.691 Disk 0 trace - called modules:</div><div>19:21:42.707 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastorv.sys hal.dll </div><div>19:21:42.722 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851da978]</div><div>19:21:42.722 3 ntkrnlpa.exe[818b06e2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x84ab6030]</div><div>19:21:42.738 Scan finished successfully</div><div>20:23:53.409 Verifying</div><div>20:24:03.409 Disk 0 Windows 600 MBR fixed successfully</div><div>20:24:38.518 Disk 0 MBR has been saved successfully to "M:\virus stuff\MBR.dat"</div><div>20:24:38.987 The log file has been saved successfully to "M:\virus stuff\aswMBR.txt"</div><div> </div><div> </div><div><p style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">*************************************************************</p><p style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">**********Contents of the FSS.txt file *********</p><p style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">*************************************************************</p><p style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "> </p><div>Farbar Service Scanner Version: 01-02-2012 03</div><div>Ran by rbecker1014 (administrator) on 01-02-2012 at 20:25:55</div><div>MicrosoftÆ Windows Vistaô Home Premium (X86)</div><div>Boot Mode: Normal</div><div>****************************************************************</div><div> </div><div>Internet Services:</div><div>============</div><div> </div><div>Connection Status:</div><div>==============</div><div>Localhost is accessible.</div><div>LAN connected.</div><div>Attempt to access Google IP returned error: Google IP is offline</div><div>Attempt to access Yahoo IP returend error: Yahoo IP is offline</div><div> </div><div> </div><div>File Check:</div><div>========</div><div>C:\Windows\system32\nsisvc.dll => MD5 is legit</div><div>C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit</div><div>C:\Windows\system32\dhcpcsvc.dll</div><div>[2006-11-02 00:56] - [2006-11-02 01:46] - 0204800 ____A (Microsoft Corporation) 17210D8064EC116A3FC6B5E45E577D43</div><div> </div><div>C:\Windows\system32\Drivers\afd.sys => MD5 is legit</div><div>C:\Windows\system32\Drivers\tdx.sys => MD5 is legit</div><div>C:\Windows\system32\Drivers\tcpip.sys</div><div>[2006-11-02 00:58] - [2006-11-02 00:58] - 0802816 ____A (Microsoft Corporation) D944522B048A5FEB7700B5170D3D9423</div><div> </div><div>C:\Windows\system32\dnsrslvr.dll</div><div>[2006-11-02 00:46] - [2006-11-02 01:46] - 0083968 ____A (Microsoft Corporation) 7EF78529439683570884F9308A02EC11</div><div> </div><div>C:\Windows\system32\svchost.exe => MD5 is legit</div><div>C:\Windows\system32\rpcss.dll</div><div>[2006-11-02 00:50] - [2006-11-02 01:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F</div><div> </div><div> </div><div> </div><div>**** End of log ****</div></div><div> </div> Link to post Share on other sites More sharing options...
rbecker1014 Posted February 2, 2012 Author ID:522815 Share Posted February 2, 2012 Not sure where the HTML tags came from. Here are the files in case they are easy to read w/out tags.aswMBR.txtFSS.txt Link to post Share on other sites More sharing options...
Blade81 Posted February 2, 2012 ID:522835 Share Posted February 2, 2012 Hi,Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:@echo off>Log1.txt (ipconfig /allnslookup google.comping -n 2 google.comroute print)start Log1.txtdel %0Go to the File menu at the top of the Notepad and select Save as.Select save in: desktopFill in File name: test.batSave as type: All file types (*.*)Click save.Close the Notepad.Locate and double-click test.bat on the desktop.A notepad opens, copy and paste the content it (log1.txt) to your reply. Link to post Share on other sites More sharing options...
rbecker1014 Posted February 3, 2012 Author ID:523162 Share Posted February 3, 2012 Windows IP Configuration Host Name . . . . . . . . . . . . : rbecker1014-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : hsd1.ca.comcast.net.Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : hsd1.ca.comcast.net. Description . . . . . . . . . . . : Atheros AR5006X Wireless Network Adapter Physical Address. . . . . . . . . : 00-C0-A8-C0-C8-CD DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Temporary IPv6 Address. . . . . . : 2002:62ea:9c2:0:3c6a:35ff:aa0c:40cc(Deprecated) IPv6 Address. . . . . . . . . . . : 2002:62ea:9c2:0:9421:db32:f52c:a59d(Deprecated) Link-local IPv6 Address . . . . . : fe80::9421:db32:f52c:a59d%9(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.123(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Thursday, February 02, 2012 6:58:31 PM Lease Expires . . . . . . . . . . : Friday, February 03, 2012 6:58:31 PM Default Gateway . . . . . . . . . : fe80::9afc:11ff:fe82:fe2d%9 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 151044264 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-B9-49-69-00-18-F3-01-A4-B1 DNS Servers . . . . . . . . . . . : 75.75.75.75 75.75.76.76 192.168.1.1 NetBIOS over Tcpip. . . . . . . . : EnabledEthernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® 82562V 10/100 Platform LAN Connect Physical Address. . . . . . . . . : 00-18-F3-01-A4-B1 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : YesTunnel adapter Local Area Connection* 6: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{377197D8-6C84-4E6E-8D16-712AB4178748} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : YesTunnel adapter Local Area Connection* 7: Connection-specific DNS Suffix . : hsd1.ca.comcast.net. Description . . . . . . . . . . . : isatap.hsd1.ca.comcast.net. Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.123%11(Preferred) Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 75.75.75.75 75.75.76.76 192.168.1.1 NetBIOS over Tcpip. . . . . . . . : DisabledDNS request timed out. timeout was 2 seconds.Server: UnKnownAddress: 75.75.75.75:53DNS request timed out. timeout was 2 seconds.DNS request timed out. timeout was 2 seconds.Ping request could not find host google.com. Please check the name and try again.===========================================================================Interface List 9 ...00 c0 a8 c0 c8 cd ...... Atheros AR5006X Wireless Network Adapter 8 ...00 18 f3 01 a4 b1 ...... Intel® 82562V 10/100 Platform LAN Connect 1 ........................... Software Loopback Interface 110 ...00 00 00 00 00 00 00 e0 isatap.{377197D8-6C84-4E6E-8D16-712AB4178748}11 ...00 00 00 00 00 00 00 e0 isatap.hsd1.ca.comcast.net.===========================================================================IPv4 Route Table===========================================================================Active Routes:Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.123 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.123 281 192.168.1.123 255.255.255.255 On-link 192.168.1.123 281 192.168.1.255 255.255.255.255 On-link 192.168.1.123 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.123 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.123 281===========================================================================Persistent Routes: NoneIPv6 Route Table===========================================================================Active Routes:If Metric Network Destination Gateway 9 4121 ::/0 fe80::9afc:11ff:fe82:fe2d 1 306 ::1/128 On-link 9 33 2002:62ea:9c2::/64 On-link 9 281 2002:62ea:9c2:0:3c6a:35ff:aa0c:40cc/128 On-link 9 281 2002:62ea:9c2:0:9421:db32:f52c:a59d/128 On-link 9 281 fe80::/64 On-link11 286 fe80::5efe:192.168.1.123/128 On-link 9 281 fe80::9421:db32:f52c:a59d/128 On-link 1 306 ff00::/8 On-link 9 281 ff00::/8 On-link===========================================================================Persistent Routes: None Link to post Share on other sites More sharing options...
Blade81 Posted February 3, 2012 ID:523183 Share Posted February 3, 2012 Hi,Have you tried to connect via wired ethernet connection to see if problem is only with the wireless side?Please check that Obtain an IP address automatically and Obtain DNS server address automatically are selected. Instructions here. Link to post Share on other sites More sharing options...
rbecker1014 Posted February 3, 2012 Author ID:523191 Share Posted February 3, 2012 wow---you are awesome. The problem was on the wireless side! I connected directly to the router with the ethernet connection and it I am connected to the internet. I can't thank you enough! Do you have a recommendation on antivirus or malware software that will keep this from happening again? Link to post Share on other sites More sharing options...
Blade81 Posted February 3, 2012 ID:523304 Share Posted February 3, 2012 Good to hear that helped You should check that wireless adapter has those IP related settings set like explained in my previous post.Good free antivirus programs are:AntivirAvast! andAVG Free AntivirusGood commercial ones are from:Kaspersky andESETFor antispyware protection MBAM will do its job It's also important system doesn't have unpatched vulnerabilities. Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too. Link to post Share on other sites More sharing options...
Staff screen317 Posted April 10, 2012 Staff ID:541460 Share Posted April 10, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts