
Back with another virus on another PC


jsstevo


Sorry, but I have another one for you. I've been through basic searches and found nothing, so here goes again. The main symptom is that I cannot access the web. I can see the local network and router. I've had to download the software from another PC and transfer it over, as there is no Internet on the infected PC. Here's the Malwarebytes log from a quick search...

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.14.11

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

dell :: DELL-PC [administrator]

Protection: Disabled

28/12/2012 00:40:59

mbam-log-2012-12-28 (00-40-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 259601

Time elapsed: 12 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

And yes, I have taken the network cable out and plugged it into another PC to prove it works!


  • Staff

Please run the following:

Please download MiniToolBox, save it to your desktop and run it.

Place a checkmark in the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

NEXT

Please download Farbar Service Scanner and run it

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Hi,

All's working now thanks. I think the driver may have been corrupted by a virus that I recently removed. I removed the driver, rebooted and have internet again!

Here are the scans though...

MiniToolBox by Farbar Version: 25-11-2012

Ran by dell (administrator) on 29-12-2012 at 22:56:14

Running from "C:\Users\dell\Desktop"

Windows Vista Home Basic Service Pack 2 (X86)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V 10/100 Network Connection = Local Area Connection (Connected)

Marvell Libertas 802.11b/g Wireless LAN Client Adapter = Wireless Network Connection (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global icmpredirects=enabled

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : dell-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® 82562V 10/100 Network Connection

Physical Address. . . . . . . . . : 00-1D-09-7A-32-7D

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::68b8:581e:bcea:8252%30(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : 29 December 2012 22:51:53

Lease Expires . . . . . . . . . . : 30 December 2012 22:51:52

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DHCPv6 IAID . . . . . . . . . . . : 503323913

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-11-50-B1-00-1D-09-7A-32-7D

DNS Servers . . . . . . . . . . . : 194.168.4.100

194.168.8.100

NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Marvell Libertas 802.11b/g Wireless LAN Client Adapter #2

Physical Address. . . . . . . . . : 00-B0-8C-04-84-19

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 02-00-54-55-4E-01

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:381f:3a24:3f57:fffa(Preferred)

Link-local IPv6 Address . . . . . : fe80::381f:3a24:3f57:fffa%8(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : isatap.{C965E8A6-F574-49CC-86D2-45FB589C304D}

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : 6TO4 Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : isatap.{97A597F4-5D44-4557-B526-5AE54559B156}

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Server: cache1.service.virginmedia.net

Address: 194.168.4.100

Name: google.com

Addresses: 2a00:1450:4009:805::1009

173.194.34.162

173.194.34.165

173.194.34.169

173.194.34.174

173.194.34.167

173.194.34.163

173.194.34.168

173.194.34.160

173.194.34.161

173.194.34.166

173.194.34.164

Pinging google.com [173.194.34.169] with 32 bytes of data:

Reply from 173.194.34.169: bytes=32 time=29ms TTL=53

Reply from 173.194.34.169: bytes=32 time=18ms TTL=53

Ping statistics for 173.194.34.169:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 18ms, Maximum = 29ms, Average = 23ms

Server: cache1.service.virginmedia.net

Address: 194.168.4.100

Name: yahoo.com

Addresses: 98.139.183.24

72.30.38.140

98.138.253.109

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=226ms TTL=51

Reply from 72.30.38.140: bytes=32 time=254ms TTL=51

Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 226ms, Maximum = 254ms, Average = 240ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=9ms TTL=128

Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 3ms, Maximum = 9ms, Average = 6ms

===========================================================================

Interface List

30 ...00 1d 09 7a 32 7d ...... Intel® 82562V 10/100 Network Connection

12 ...00 b0 8c 04 84 19 ...... Marvell Libertas 802.11b/g Wireless LAN Client Adapter #2

1 ........................... Software Loopback Interface 1

8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface

32 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

17 ...00 00 00 00 00 00 00 e0 isatap.{C965E8A6-F574-49CC-86D2-45FB589C304D}

10 ...00 00 00 00 00 00 00 e0 6TO4 Adapter

24 ...00 00 00 00 00 00 00 e0 isatap.{97A597F4-5D44-4557-B526-5AE54559B156}

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 20

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.0.0 255.255.255.0 On-link 192.168.0.5 276

192.168.0.5 255.255.255.255 On-link 192.168.0.5 276

192.168.0.255 255.255.255.255 On-link 192.168.0.5 276

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.0.5 276

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.0.5 276

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

8 18 ::/0 On-link

1 306 ::1/128 On-link

8 18 2001::/32 On-link

8 266 2001:0:5ef5:79fd:381f:3a24:3f57:fffa/128

On-link

30 276 fe80::/64 On-link

8 266 fe80::/64 On-link

8 266 fe80::381f:3a24:3f57:fffa/128

On-link

30 276 fe80::68b8:581e:bcea:8252/128

On-link

1 306 ff00::/8 On-link

8 266 ff00::/8 On-link

30 276 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)

Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)

Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (12/29/2012 07:34:30 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5446556

Error: (12/29/2012 07:34:30 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5446556

Error: (12/29/2012 07:34:30 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 05:03:31 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 16892163

Error: (12/29/2012 05:03:31 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 16892163

Error: (12/29/2012 05:03:31 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 10:55:40 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 32571792

Error: (12/29/2012 10:55:40 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 32571792

Error: (12/29/2012 10:55:40 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 01:53:04 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

System errors:

=============

Error: (12/28/2012 10:06:54 PM) (Source: Service Control Manager) (User: )

Description: XAudioService%%2

Error: (12/28/2012 10:06:54 PM) (Source: Service Control Manager) (User: )

Description: 30000Roxio Hard Drive Watcher 9

Error: (12/28/2012 10:06:54 PM) (Source: Service Control Manager) (User: )

Description: LogMeIn Kernel Information Provider%%3

Error: (12/28/2012 10:06:54 PM) (Source: Service Control Manager) (User: )

Description: LMIGuardianSvc%%3

Error: (12/28/2012 09:41:53 PM) (Source: Service Control Manager) (User: )

Description: Windows Search%%1053

Error: (12/28/2012 09:41:53 PM) (Source: Service Control Manager) (User: )

Description: 30000Windows Search

Error: (12/28/2012 09:41:53 PM) (Source: DCOM) (User: )

Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/28/2012 09:38:12 PM) (Source: Service Control Manager) (User: )

Description: LMIGuardianSvc%%3

Error: (12/28/2012 08:31:35 PM) (Source: Service Control Manager) (User: )

Description: XAudioService%%2

Error: (12/28/2012 08:31:35 PM) (Source: Service Control Manager) (User: )

Description: 30000Roxio Hard Drive Watcher 9

Microsoft Office Sessions:

=========================

Error: (12/29/2012 07:34:30 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5446556

Error: (12/29/2012 07:34:30 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5446556

Error: (12/29/2012 07:34:30 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 05:03:31 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 16892163

Error: (12/29/2012 05:03:31 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 16892163

Error: (12/29/2012 05:03:31 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 10:55:40 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 32571792

Error: (12/29/2012 10:55:40 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 32571792

Error: (12/29/2012 10:55:40 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2012 01:53:04 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15631

CodeIntegrity Errors:

===================================

Date: 2012-12-28 20:54:09.871

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 20:54:09.419

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 20:54:09.029

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 20:54:08.639

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 20:54:08.171

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 20:54:07.594

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 19:25:22.334

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 19:25:22.131

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 19:25:21.928

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-28 19:25:21.710

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)

Adobe Reader X (10.1.4) (Version: 10.1.4)

Apple Application Support (Version: 2.2.2)

Apple Mobile Device Support (Version: 6.0.0.59)

Apple Software Update (Version: 2.1.3.127)

ArcSoft PhotoImpression

BlackBerry Desktop Software 5.0.1 (Version: 5.0.1.28)

BlackBerry® Media Sync (Version: 2.0.28)

Bonjour (Version: 3.0.0.10)

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

D3DX10 (Version: 15.4.2368.0902)

HPDiagnosticAlert (Version: 1.00.0000)

iCloud (Version: 2.0.2.187)

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections 12.1.11.0 (Version: )

iTunes (Version: 10.7.0.21)

iX-100 Twain Driver ver 1.0

Java 7 Update 10 (Version: 7.0.100)

Java Auto Updater (Version: 2.1.9.0)

Junk Mail filter update (Version: 15.4.3502.0922)

Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Corporation (Version: 9.1.0.0)

Microsoft LifeCam (Version: 3.22.270.0)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)

Microsoft Office Outlook Connector (Version: 14.0.5118.5000)

Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)

Microsoft Search Enhancement Pack (Version: 3.0.133.0)

Microsoft Security Client (Version: 4.1.0522.0)

Microsoft Security Essentials (Version: 4.1.522.0)

Microsoft Silverlight (Version: 4.1.10329.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

MSVCRT (Version: 15.4.2862.0708)

MSVCSetup (Version: 1.00.0000)

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)

MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)

PowerDVD (Version: 7.0)

QuickTime (Version: 7.72.80.56)

Realtek High Definition Audio Driver

Roxio Creator Audio (Version: 3.3.0)

Roxio Creator BDAV Plugin (Version: 3.3.0)

Roxio Creator Copy (Version: 3.3.0)

Roxio Creator Data (Version: 3.3.0)

Roxio Creator DE (Version: 3.3.0)

Roxio Creator Tools (Version: 3.3.0)

Roxio Express Labeler (Version: 2.1.0)

Roxio Media Manager (Version: 9.4.067)

Roxio Update Manager (Version: 3.0.0)

Segoe UI (Version: 15.4.2271.0615)

Sonic Activation Module (Version: 1.0)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

W541U (Version: 1.00.0000)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3555.0308)

Windows Live Family Safety (Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live Sync (Version: 14.0.8089.726)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Mobile Device Center (Version: 6.1.6965.0)

Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)

WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 49%

Total physical RAM: 2036.45 MB

Available physical RAM: 1021.77 MB

Total Pagefile: 4320.18 MB

Available Pagefile: 2811.5 MB

Total Virtual: 2047.88 MB

Available Virtual: 1939.96 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:54.07 GB) NTFS

2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.56 GB) NTFS

========================= Users: ========================================

User accounts for \\DELL-PC

Administrator dell Guest

LogMeInRemoteUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

______________________________________________________________________________

Farbar Service Scanner Version: 23-12-2012

Ran by dell (administrator) on 29-12-2012 at 23:02:03

Running from "C:\Users\dell\Desktop"

Windows Vista Home Basic Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll

[2012-10-10 04:37] - [2012-06-02 00:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****


  • Staff

That's good to hear. If you want to run a couple of diagnostic scans, I can make sure there are no traces of infection:

Please download DDS from either of these links

LINK 1

LINK 2

and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt.

NEXT

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
