I'm infected but I did the steps



says i need windows xp service pack 3

Why don't you have SP3 installed???

-----------------------------

Please see if you can run these two programs:

Please remove any USB or external drives from the computer before you run these scans!

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

-------------

Next..........

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Farbar Service Scanner log:

Farbar Service Scanner Version: 14-02-2012

Ran by Anthony (administrator) on 17-02-2012 at 09:12:23

Running from "C:\Documents and Settings\Anthony\Desktop"

Microsoft Windows XP Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is set to Disabled. The default start type is Auto.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

File Check:

========


Extra List:

=======

fssfltr(12) Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(10) NwlnkNb(11) PSched(7) Tcpip(3)

0x0C00000004000000010000000200000003000000050000000600000007000000090000000A0000000B0000000C0000000D000000

IpSec Tag value is correct.

**** End of log ****


RogueKiller log:

RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version

Started in : Normal mode

User: Anthony [Admin rights]

Mode: Scan -- Date: 02/17/2012 09:16:50

¤¤¤ Bad processes: 3 ¤¤¤

[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Anthony\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED

[SUSP PATH] FSS.exe -- C:\Documents and Settings\Anthony\Desktop\FSS.exe -> KILLED [TermProc]

[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\Anthony\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED

¤¤¤ Registry Entries: 1 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 5961a8ea2c20e473b918487d60c30ea4

[BSP] 3efdd157322bc54deb4f0f8435ac64f6 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 107615 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 220508190 | Size: 2047 Mo

3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 224701155 | Size: 4753 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[8].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt


Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is set to Disabled. The default start type is Auto.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Go to Start > Run > copy and paste this in and hit OK:

services.msc

Scroll down to "Security Center" and double click on it

Change the Startup type to Automatic

Click Apply > then OK

Reboot and run Farbar Service Scanner again.....post the log, MrC


Farbar Service Scanner Version: 14-02-2012

Ran by Anthony (administrator) on 17-02-2012 at 10:08:21

Running from "C:\Documents and Settings\Anthony\Desktop"

Microsoft Windows XP Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

File Check:

========


Extra List:

=======

fssfltr(12) Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(10) NwlnkNb(11) PSched(7) Tcpip(3)

0x0C00000004000000010000000200000003000000050000000600000007000000090000000A0000000B0000000C0000000D000000

IpSec Tag value is correct.

**** End of log ****


Let's try... to reinstall the Windows Installer

http://support.microsoft.com/kb/315346

Use Method 2: Reinstall the Windows Installer

It's on this page about 1/2 way down:

http://support.microsoft.com/kb/315346

Starts like this:

Method 2: Reinstall the Windows Installer
To reinstall the Windows Installer, rename the damaged Windows Installer files, and then reinstall the Windows Installer. To do this, follow these steps:
Click Start, click Run, type cmd in the Open text box, and then click OK.
Type cd %windir%\system32, and then press ENTER.
Type attrib -r -s -h dllcache, and then press ENTER.
Type ren msi.dll msi.old, and then press ENTER.
Type ren msiexec.exe msiexec.old, and then press ENTER.
Select the Restart option, and then click OK, or click Restart.

ETC.....

Let me know, MrC


Listen, you have to start using complete words and sentences, phrases like this make no sense:

no it dosnt instals

install *

wat service pac should i dounload

----------------------------------

Were you able to install Java? Yes or No??

Why do you want to install SP3 now?

Did you complete the instructions in this post to reinstall Windows Installer? Yes or NO

http://forums.malwar...ndpost&p=527650

I'll be back in about one hour, MrC
