Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cant connect to Internet after removal of malware


  • Please log in to reply
35 replies to this topic

#1 Needhelp77

Needhelp77

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 09 August 2009 - 12:30 PM

Hi,

On 8/6, my desktop was infected with trojan called rogue"Personal anti-virus". I downloaded the "malwarebytes anti-malware" and managed to remove the malware from the PC.

However, after removing the malware, the internet connection became limited in connectivity. [Note - I didnt know that I had to scan the PC in safe mode.]
I had since uninstalled the "malwarebytes anti-malware" software.

I called up the ISP yesterday and we worked through the "long" exercises- ip config, netsh ip int reset resetlog, pinging, etc. The ISP guy said the problem lies with the PC, and not the internet connection by ISP.[*** I have been able to connect my Notebook using the same cable modem- I can connect to Internet using my Notebook, but not the PC....]

I am not good in IT related stuff. Appreciate if someone can assist me. I hv tried everything, including reinstalling the network drivers, uninstalling anti-virus programs and firewalls. Still the connection is not working --> the internet connection icon is on, but no signals of data received/transferred....]

Is my PC still infected? I could not go online with my current PC. Please help!


Thank you for reading this!






EDIT: Seeing how you cannot wait for a few hours for a response, I removed your HJT log so you can continue here. You cannot have both at once
Besides, there was no log present in you other post, as required

Edited by garmanma, 09 August 2009 - 12:49 PM.


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:02 PM

Posted 10 August 2009 - 04:36 PM

Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.

Go Start > Run > type: "cmd" In the window that appears type: "ipconfig /flushdns". Close the command box.

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot. Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Needhelp77

Needhelp77
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 10 August 2009 - 11:53 PM

Hi,

Please find below :
go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". --> DONE. Reset and reboot.


For Go Start > Run > type: "cmd" In the window that appears type: "ipconfig /flushdns", the following dialog appeared:
"Could not flush the DNS Resolver Cache: Function failed during execution"

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot. ---> DONE and reboot.

I tried to reconnect, but still nothing - limited connectivity.

Please find below the "Network diagnostics":
Last diagnostic run time: 08/10/09 21:30:52 WinSock Diagnostic
WinSock status

info Error attmpting to validate the Winsock base providers: 2
error Not all base service provider entries could be found in the winsock catalog. A reset is needed.
info Redirecting user to support call

Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Intel® PRO/100 VE Network Connection, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Incoming Connections, Device=(null), MediaType=NONE, SubMediaType=NONE
info Ethernet connection selected
Network adapter status

info Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.


Note -
This limited connectivity appeared right after I deleted the rogue "Personal anti-virus" using the "malwarebytes" software. Is this "malwarebytes" software safe? I have since uninstalled this "malwarebytes" software and then reinstalled it yesterday.
I am able to connect to the internet to my other Notebook using the same cable modem. And the ISP guy has tested that the internet connection is good.


Please advise any further test that needs to be done.

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:02 PM

Posted 11 August 2009 - 12:00 AM

Malwarebytes is a well known application that has a very good reputation.

Try these fixes:

http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 Needhelp77

Needhelp77
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 11 August 2009 - 01:17 AM

HI,

Thanks for the info.

I downloaded the "LSP-Fix" and "winsockxp fix" as instructed.

For LSP-Fix ---> it stated "No problems found." when I opened it.

For winsockxpfix --> I heard a "beep sound" after I click the "fix" button and the PC was automactically reboot.

After reboot, the network connection icon changed from "limited connectivity" to "Connected".[A big improvement! :thumbsup: ]

I opened the internet Explorer, but still failed to reconnect to the Internet. I run the Network Diagnostics, the results are as follows:

Last diagnostic run time: 08/10/09 22:50:01 WinSock Diagnostic
WinSock status

info \Device\NetBT_Tcpip_{52D11719-5C25-4B89-ADD6-93338973B470} protocol is not found in Winsock catalog.
error Not all base service provider entries could be found in the winsock catalog. A reset is needed.
action Automated repair: Reset WinSock catalog
action Successfully executed: netsh winsock reset catalog
info System restart required

Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Intel® PRO/100 VE Network Connection, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Incoming Connections, Device=(null), MediaType=NONE, SubMediaType=NONE
info Ethernet connection selected
Network adapter status

info Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.


I was then prompted to reboot the PC after the above diagnostics. [I thought it was already reset when it was reboot earlier.???] [b][/b]

Again, after I reboot the PC, I opened the Internet Explorer ---> "Internet Explorere cannot display the webpage."

I run the Network Diagnostics again, the results:

Last diagnostic run time: 08/10/09 22:59:12 WinSock Diagnostic
WinSock status

info Error attmpting to validate the Winsock base providers: 2
error Not all base service provider entries could be found in the winsock catalog. A reset is needed.
info Redirecting user to support call

Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Intel® PRO/100 VE Network Connection, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Incoming Connections, Device=(null), MediaType=NONE, SubMediaType=NONE
info Ethernet connection selected
Network adapter status

info Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.

[Note- This log looks similar to the 1st one that I have attached. :flowers: ]


At least, there is an improvement, the network connection icon showed "connected", instead of "limited connectivity". But no signals of data sent/transfer.

SIGH. Guess back to square one. :trumpet:

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:02 PM

Posted 11 August 2009 - 01:20 AM

Try the netsh winsock reset fix again.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 Needhelp77

Needhelp77
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 11 August 2009 - 01:50 AM

Hi,

I tried the "winsockxpfix" again. The same thing happened. Still couldnot connect to internet even though the Network connection icon showed it was connected.

Please find below the logs:
LOG 1 (after the winsock reset)
Last diagnostic run time: 08/10/09 23:31:37 WinSock Diagnostic
WinSock status

info \Device\NetBT_Tcpip_{52D11719-5C25-4B89-ADD6-93338973B470} protocol is not found in Winsock catalog.
error Not all base service provider entries could be found in the winsock catalog. A reset is needed.
action Automated repair: Reset WinSock catalog
action Successfully executed: netsh winsock reset catalog
info System restart required

Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Intel® PRO/100 VE Network Connection, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Incoming Connections, Device=(null), MediaType=NONE, SubMediaType=NONE
info Ethernet connection selected
Network adapter status

info Network connection status: Connected


HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.


LOG 2 (I was prompted again to reboot the PC to ensure the reset has taken effect.But I still cant reconnect after the reset.)
Last diagnostic run time: 08/10/09 23:41:16 WinSock Diagnostic
WinSock status

info Error attmpting to validate the Winsock base providers: 2
error Not all base service provider entries could be found in the winsock catalog. A reset is needed.
info Redirecting user to support call

Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Intel® PRO/100 VE Network Connection, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Incoming Connections, Device=(null), MediaType=NONE, SubMediaType=NONE
info Ethernet connection selected
Network adapter status

info Network connection status: Connected


HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established
warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.

It's like never ending rebooting and reseting. At least, the network connection icon is showing "connected". :thumbsup:

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:02 PM

Posted 11 August 2009 - 01:54 AM

If you have any modem, router or other "internet connection" software installed on your computer try reinstalling it.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 Needhelp77

Needhelp77
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 11 August 2009 - 01:58 AM

U mean reinstall the network adapter -Intel® PRO/100 VE ?

I only hv one modem - the Intel® PRO/100 VE ..

Will let u know the results later.

#10 Needhelp77

Needhelp77
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 11 August 2009 - 03:51 AM

hi,

I have reinstalled the modem and network adaptor, the network connection became "limited in connectivity".

:thumbsup:


Any other suggestions?

#11 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:02 PM

Posted 11 August 2009 - 04:31 AM

Let's double-check for viruses:

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#12 Needhelp77

Needhelp77
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 11 August 2009 - 03:46 PM

HI,
Please find the scan log below:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/11/2009 at 04:49 AM

Application Version : 4.27.1002

Core Rules Database Version : 4038
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 01:35:23

Memory items scanned : 235
Memory threats detected : 0
Registry items scanned : 5495
Registry threats detected : 0
File items scanned : 68094
File threats detected : 10

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE


Do you want the scan log for Malwarebytes as well? I have the scan log before the connection went lost.

#13 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:02 PM

Posted 11 August 2009 - 03:57 PM

Run a new Malwarebytes scan and post both the old and new log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#14 Needhelp77

Needhelp77
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:02 AM

Posted 11 August 2009 - 06:38 PM

Hi,

Please find below:

Scan log 1 (old log)

Malwarebytes' Anti-Malware 1.40
Database version: 2568
Windows 5.1.2600 Service Pack 3

8/6/2009 8:19:48 AM
mbam-log-2009-08-06 (08-19-48).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 210637
Time elapsed: 1 hour(s), 17 minute(s), 10 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 9
Files Infected: 8

Memory Processes Infected:
C:\Program Files\PersonalAV\pav.exe (Rogue.PersonalAntiVirus) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalav (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSmart\Microsoft.VC80.CRT (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSmart\Microsoft.VC80.MFC (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\celyn\Application Data\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\celyn\Application Data\ErrorSmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\celyn\Application Data\ErrorSmart\Registry Backups (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\PersonalAV\pav.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\celyn\Application Data\ErrorSmart\Log\2008 Mar 24 - 12_44_33 PM_453.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\celyn\Application Data\ErrorSmart\Log\2008 Mar 24 - 12_44_40 PM_343.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\celyn\Application Data\ErrorSmart\Registry Backups\2008-03-24_12-47-11.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Uninstall\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalAV\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job (Rogue.ErrorSmart) -> Quarantined and deleted successfully.


Scan Log - New

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3 (Safe Mode)

8/11/2009 4:22:07 PM
mbam-log-2009-08-11 (16-22-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 199869
Time elapsed: 1 hour(s), 21 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Looks clean. any advise?

Edited by Needhelp77, 12 August 2009 - 02:16 AM.


#15 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:02 PM

Posted 12 August 2009 - 04:08 PM

Did you ISP provide you with any software? You could try reinstalling it.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users