
No Internet Connection After Removing Win 7 Virus



#1 f0rgiven


Posted 03 January 2012 - 10:47 PM

Had the Win 7 virus and used Malwarebytes to remove it. Everything works except internet. Device manager looks OK. Both wireless and wired just show limited connectivity. I have run FSS and here is the log:

Farbar Service Scanner
Ran by Jon Finez (administrator) on 03-01-2012 at 22:36:03
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll
[2009-07-13 18:21] - [2009-07-13 20:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

It looks like dnsrslvr.dll is the problem? Can anyone help me fix this? Running Win 7 Home Premium 64 bit

Edit: Moved topic from Networking to the more appropriate forum, at the recommendation of staff. ~ Animal
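
Added example, not part of the original post or of Farbar Service Scanner: a small Python parser for the FSS layout shown above. It lists services reported as stopped although their configuration checks pass, and files that lack the `MD5 is legit` verdict. Reading a missing verdict as "unverified" is an assumption about the tool's output; `SAMPLE_FSS`, `parse_fss` and `review` are names introduced here.

```python
import re

# Constructed sample: the Farbar Service Scanner output from the post above, trimmed.
SAMPLE_FSS = r"""
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\dnsrslvr.dll
[2009-07-13 18:21] - [2009-07-13 20:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

C:\Windows\System32\svchost.exe => MD5 is legit
"""

STOPPED_RE = re.compile(r"^(\w+) Service is not running")
CONFIG_RE = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\w+) service is (.+?)\.?$")
FILE_RE = re.compile(r"^([A-Za-z]:\\.+?)(?:\s*=>\s*(.+))?$")
# Detail line printed under a file that did not get a verdict:
# [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(r"^\[(.+?)\] - \[(.+?)\] - (\d+) (\S+) \((.*)\) ([0-9A-Fa-f]{32})$")


def parse_fss(log):
    """Return (services, files) parsed from an FSS log."""
    services, files = {}, []
    for raw in log.splitlines():
        line = raw.strip()
        if (m := STOPPED_RE.match(line)):
            services.setdefault(m.group(1), {"running": None, "checks": {}})["running"] = False
        elif (m := CONFIG_RE.match(line)):
            check, name, verdict = m.groups()
            services.setdefault(name, {"running": None, "checks": {}})["checks"][check] = verdict
        elif (m := FILE_RE.match(line)):
            files.append({"path": m.group(1), "verdict": m.group(2), "detail": None})
        elif (m := DETAIL_RE.match(line)) and files and files[-1]["verdict"] is None:
            created, modified, size, attrs, company, md5 = m.groups()
            files[-1]["detail"] = {"created": created, "modified": modified,
                                   "size": int(size), "attrs": attrs,
                                   "company": company, "md5": md5.upper()}
    return services, files


def review(services, files):
    """Pick out what needs a manual look."""
    # Stopped service whose start type, ImagePath and ServiceDll all check out:
    # the registry entries are intact, so the cause lies elsewhere.
    stopped_ok = [name for name, s in services.items()
                  if s["running"] is False and s["checks"]
                  and all(v == "OK" for v in s["checks"].values())]
    # Assumption: no "MD5 is legit" verdict means the tool could not confirm the file.
    unverified = [{"path": f["path"], **(f["detail"] or {})}
                  for f in files if f["verdict"] != "MD5 is legit"]
    return {"stopped_with_ok_config": stopped_ok, "unverified_files": unverified}


if __name__ == "__main__":
    result = review(*parse_fss(SAMPLE_FSS))
    print("Stopped, config OK:", result["stopped_with_ok_config"])
    for f in result["unverified_files"]:
        print("Unverified:", f["path"], f.get("md5"), f.get("company"))
```

An unverified entry is a lead, not a verdict: the company string comes from the file's own version information, so the hash still has to be compared against a known-good copy from the same Windows build.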



#2 Jardon Tech Training


Posted 03 January 2012 - 10:54 PM

Do you have a restore point you can go back to? One when your internet was working?

#3 f0rgiven


Posted 03 January 2012 - 11:57 PM

Unfortunately, no. I tried that.

#4 Jardon Tech Training


Posted 04 January 2012 - 12:06 AM

If you have the name of the virus you removed, I'd Google that to see if anyone else has had this issue.

#5 Required Field


Posted 04 January 2012 - 11:05 AM

You might still be infected; it sounds like the ZeroAccess Rootkit to me. I'd start here... http://www.bleepingcomputer.com/forums/forum103.html but if you're sure it's clean, then try the instructions here: http://support.microsoft.com/kb/811259#LetMeFixItMyselfAlways - it works for Vista, but I couldn't find one specific to Win7.
"Most quotes attributed to famous people on the internet are fake." -Abraham Lincoln

#6 Broni


Posted 04 January 2012 - 12:10 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 f0rgiven


Posted 04 January 2012 - 03:21 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.


=============================================================================

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Security Scan Plus
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Out of date Java installed!
Mozilla Firefox (3.6.13) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
``````````End of Log````````````

====================================================================================

Please download MiniToolBox and run it.


MiniToolBox by Farbar
Ran by Jon (administrator) on 04-01-2012 at 15:13:03
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:58707

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 58707
"network.proxy.type", 1

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.124.2 publish=Yes
add address name="Local Area Connection" address=192.168.124.26


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : MININT-07I6HBL
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 1C-65-9D-BB-82-D2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 1C-65-9D-BB-82-D2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 84-2B-2B-82-BE-23
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3527:f1f7:375e:3fcb%23(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.63.203(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 193211179
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-0A-35-6A-84-2B-2B-82-BE-23
DNS Servers . . . . . . . . . . . : 192.168.123.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.nc.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #10
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{07C63340-A339-4B20-BDBC-BA025B70CA27}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #12
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.123.2

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 192.168.123.2

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 192.168.123.2

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
25...1c 65 9d bb 82 d2 ......Microsoft Virtual WiFi Miniport Adapter
24...1c 65 9d bb 82 d2 ......DW1501 Wireless-N WLAN Half-Mini Card
23...84 2b 2b 82 be 23 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #10
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #12
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.63.203 276
169.254.63.203 255.255.255.255 On-link 169.254.63.203 276
169.254.255.255 255.255.255.255 On-link 169.254.63.203 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.63.203 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.63.203 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.124.2 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
23 276 fe80::/64 On-link
23 276 fe80::3527:f1f7:375e:3fcb/128
On-link
1 306 ff00::/8 On-link
23 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/04/2012 03:06:04 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/04/2012 06:35:06 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/03/2012 10:45:05 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/03/2012 09:37:36 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/03/2012 07:59:27 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/03/2012 06:32:53 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/03/2012 06:22:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (01/03/2012 10:44:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (01/03/2012 10:44:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/03/2012 10:12:54 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: A connection with the server could not be established


System errors:
=============
Error: (01/04/2012 03:10:03 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (01/04/2012 03:10:02 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (01/04/2012 03:10:01 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (01/04/2012 03:08:15 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/04/2012 03:07:26 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated with the following error:
%%126

Error: (01/04/2012 03:07:25 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated with the following error:
%%126

Error: (01/04/2012 03:07:25 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated with the following error:
%%126

Error: (01/04/2012 03:07:24 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated with the following error:
%%126

Error: (01/04/2012 03:07:24 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated with the following error:
%%126

Error: (01/04/2012 03:07:24 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (01/04/2012 03:06:04 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/04/2012 06:35:06 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/03/2012 10:45:05 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/03/2012 09:37:36 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/03/2012 07:59:27 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/03/2012 06:32:53 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (01/03/2012 06:22:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (01/03/2012 10:44:40 AM) (Source: SideBySide)(User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (01/03/2012 10:44:11 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (01/03/2012 10:12:54 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: A connection with the server could not be established


=========================== Installed Programs ============================

Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.2.153.1)
Adobe Reader 9.4.0 (Version: 9.4.0)
Adobe SVG Viewer 3.0 (Version: 3.0)
Advanced Audio FX Engine (Version: 1.12.05)
ALLDATA Repair (Version: 10.10)
Ask Toolbar (Version: 1.14.0.0)
ATI AVIVO64 Codecs (Version: 11.6.0.50619)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0619.2309.39726)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0619.2309.39726)
Catalyst Control Center InstallProxy (Version: 2010.0619.2309.39726)
Catalyst Control Center Localization All (Version: 2010.0619.2309.39726)
ccc-core-static (Version: 2010.0619.2309.39726)
ccc-utility64 (Version: 2010.0619.2309.39726)
CCC Help Chinese Standard (Version: 2010.0619.2308.39726)
CCC Help Chinese Traditional (Version: 2010.0619.2308.39726)
CCC Help Czech (Version: 2010.0619.2308.39726)
CCC Help Danish (Version: 2010.0619.2308.39726)
CCC Help Dutch (Version: 2010.0619.2308.39726)
CCC Help English (Version: 2010.0619.2308.39726)
CCC Help Finnish (Version: 2010.0619.2308.39726)
CCC Help French (Version: 2010.0619.2308.39726)
CCC Help German (Version: 2010.0619.2308.39726)
CCC Help Greek (Version: 2010.0619.2308.39726)
CCC Help Hungarian (Version: 2010.0619.2308.39726)
CCC Help Italian (Version: 2010.0619.2308.39726)
CCC Help Japanese (Version: 2010.0619.2308.39726)
CCC Help Korean (Version: 2010.0619.2308.39726)
CCC Help Norwegian (Version: 2010.0619.2308.39726)
CCC Help Polish (Version: 2010.0619.2308.39726)
CCC Help Portuguese (Version: 2010.0619.2308.39726)
CCC Help Russian (Version: 2010.0619.2308.39726)
CCC Help Spanish (Version: 2010.0619.2308.39726)
CCC Help Swedish (Version: 2010.0619.2308.39726)
CCC Help Thai (Version: 2010.0619.2308.39726)
CCC Help Turkish (Version: 2010.0619.2308.39726)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225)
Dell Webcam Central (Version: 1.40.05)
DellOSD (Version: 1.10.0000)
Epson Event Manager (Version: 2.30.01)
EPSON Scan
EPSON WorkForce 610 Series Printer Uninstall
EpsonNet Print (Version: 2.4j)
EpsonNet Setup (Version: 3.1c)
Google Chrome (Version: 16.0.912.63)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2318.1946)
Google Update Helper (Version: 1.3.21.79)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 14.0.8089.726)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Maintenance Samsung ML-191x 252x Series
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee SecurityCenter
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Mighty Catalog DVD (Version: 1.00.000)
Mitchell 1 Database Utilities (Version: 5.9.0.7)
Mozilla Firefox (3.6.13) (Version: 3.6.13 (en-US))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
OnDemand5 (Version: 5.8.1.9)
OnDemand5 ManagerPlus Demo
OnDemand5 ManagerPlus Host
OnDemand5 ManagerPlus Workstation
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6141)
Roxio Burn (Version: 1.01)
Shop Management Import Utility Package (Version: 5.9.0.7)
Shopkey Management 32 Demo
Simulcast Video Plugin (Internet Explorer) (Version: 1.0)
TeamViewer 6 (Version: 6.0.11052)
Video Training (Version: 1.00.000)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinZip (Version: 9.0 SR-1 (6224))
WORLDPAC speedDIAL
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 3835.95 MB
Available physical RAM: 2716.17 MB
Total Pagefile: 7670.04 MB
Available Pagefile: 6322.47 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.14 MB

========================= Partitions: =====================================

1 Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:424.5 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.62 GB) NTFS
3 Drive e: (CD_ROM) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:14.93 GB) (Free:3.89 GB) FAT32

========================= Users: ========================================

User accounts for \\MININT-07I6HBL

Administrator Guest Jon


**** End of log ****


=============================================================================
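
Added example, not part of the thread or of MiniToolBox: a Python triage pass over the MiniToolBox output posted above that pulls out the network leftovers the log shows (loopback proxy entries, an APIPA address with no gateway, repeated DNS Client terminations, failed lookups). `SAMPLE_LOG` is constructed from lines of that log; `triage`, `report` and the other names are introduced here, and only Win32 error 126 is mapped.

```python
import ipaddress
import re
from collections import Counter

# Service Control Manager prints Win32 error codes as "%%<code>".
# Only the code that appears in this thread is mapped.
WIN32_ERRORS = {126: "ERROR_MOD_NOT_FOUND: the specified module could not be found"}

# Constructed sample: lines taken from the MiniToolBox log above, trimmed.
SAMPLE_LOG = """\
Could not flush the DNS Resolver Cache: Function failed during execution.
Proxy is not enabled.
ProxyServer: http=127.0.0.1:58707
"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 58707
"network.proxy.type", 1
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter Local Area Connection:
Autoconfiguration IPv4 Address. . : 169.254.63.203(Preferred)
Default Gateway . . . . . . . . . :
Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
Description: The DNS Client service terminated with the following error:
%%126
Description: The DNS Client service terminated with the following error:
%%126
"""

ADAPTER_RE = re.compile(r"^(?:Ethernet|Wireless LAN|Tunnel) adapter (.+):\s*$")
IPV4_RE = re.compile(r"^\s*(?:Autoconfiguration )?IPv4 Address[ .]*:\s*(\d+(?:\.\d+){3})")
GATEWAY_RE = re.compile(r"^\s*Default Gateway[ .]*:\s*(\S*)")
PROXY_RE = re.compile(r"ProxyServer:\s*(?:\w+=)?([\d.]+):(\d+)")
FF_PREF_RE = re.compile(r'^"(network\.proxy\.\w+)",\s*"?([^"\n]+?)"?\s*$', re.M)
SVC_FAIL_RE = re.compile(r"The (.+?) service terminated with the following error:\s*%%(\d+)")
PING_RE = re.compile(r"Ping request could not find host (\S+)\. Please")


def ip_is(text, attr):
    """True when text is an IP literal whose ipaddress property `attr` is set."""
    try:
        return getattr(ipaddress.ip_address(text), attr)
    except (TypeError, ValueError):
        return False


def parse_adapters(log):
    """Map adapter name -> {'ipv4', 'gateway'} from the ipconfig section."""
    adapters, current = {}, None
    for line in log.splitlines():
        if (m := ADAPTER_RE.match(line)):
            current = adapters.setdefault(m.group(1), {"ipv4": None, "gateway": None})
        elif current is not None and (m := IPV4_RE.match(line)):
            current["ipv4"] = m.group(1)
        elif current is not None and (m := GATEWAY_RE.match(line)):
            current["gateway"] = m.group(1) or None
    return adapters


def triage(log):
    """Collect post-cleanup network findings from a MiniToolBox log."""
    proxies = []
    m = PROXY_RE.search(log)
    # The ProxyServer value can linger even when the proxy is reported as not enabled.
    if m and ip_is(m.group(1), "is_loopback"):
        proxies.append(("IE", f"{m.group(1)}:{m.group(2)}"))
    prefs = dict(FF_PREF_RE.findall(log))
    host = prefs.get("network.proxy.http")
    # network.proxy.type 1 is Firefox's "manual proxy configuration".
    if prefs.get("network.proxy.type") == "1" and ip_is(host, "is_loopback"):
        proxies.append(("Firefox", f"{host}:{prefs.get('network.proxy.http_port')}"))
    apipa = [(name, cfg["ipv4"], cfg["gateway"])
             for name, cfg in parse_adapters(log).items()
             if ip_is(cfg["ipv4"], "is_link_local")]  # 169.254.0.0/16
    failures = Counter((svc, int(code)) for svc, code in SVC_FAIL_RE.findall(log))
    return {
        "loopback_proxies": proxies,
        "apipa_adapters": apipa,
        "service_failures": dict(failures),
        "unresolved_hosts": PING_RE.findall(log),
        "dns_flush_failed": "Could not flush the DNS Resolver Cache" in log,
    }


def report(findings):
    """Render the findings as one line each."""
    lines = [f"{app} proxy points at loopback {addr}"
             for app, addr in findings["loopback_proxies"]]
    for name, ip, gw in findings["apipa_adapters"]:
        lines.append(f"{name}: APIPA address {ip}, default gateway {gw or 'missing'}")
    for (svc, code), n in findings["service_failures"].items():
        lines.append(f"{svc} service terminated {n}x with error {code} "
                     f"({WIN32_ERRORS.get(code, 'not mapped here')})")
    if findings["unresolved_hosts"]:
        lines.append("name lookups failed: " + ", ".join(findings["unresolved_hosts"]))
    if findings["dns_flush_failed"]:
        lines.append("DNS resolver cache could not be flushed")
    return lines
```

Error 126 from the DNS Client service means a module it needs could not be loaded, which is worth reading alongside the `dnsrslvr.dll` entry that FSS left unverified in the first post.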

#8 Broni


Posted 04 January 2012 - 03:50 PM

Go on....


 


#9 f0rgiven


Posted 04 January 2012 - 06:45 PM

Malwarebytes log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Jon :: MININT-07I6HBL [administrator]

1/3/2012 5:56:49 PM
mbam-log-2012-01-03 (17-56-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282094
Time elapsed: 20 minute(s), 25 second(s)

Memory Processes Detected: 1
C:\Users\Jon Finez\AppData\Local\tua.exe (Trojan.FakeAV) -> 1228 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Users\Jon Finez\AppData\Local\tua.exe" -a "%1" %* -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|B2B.exe (Backdoor.CycBot.Gen) -> Data: C:\Users\Jon Finez\AppData\Roaming\Microsoft\E23E\B2B.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKCR\.exe| (Hijacked.exeFile) -> Bad: (UI8) Good: (exefile) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jon Finez\AppData\Local\tua.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jon Finez\AppData\Local\tua.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jon Finez\AppData\Local\tua.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Jon Finez\AppData\Local\tua.exe (Trojan.FakeAV) -> Delete on reboot.
C:\Users\Jon Finez\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\9083117-44e82770 (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\Jon Finez\AppData\Roaming\iexplore.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Jon Finez\AppData\Roaming\Microsoft\E23E\B2B.exe (Backdoor.CycBot.Gen) -> Quarantined and deleted successfully.

(end)

FSS Log:
Farbar Service Scanner
Ran by Jon (administrator) on 04-01-2012 at 18:46:19
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 18:39] - [2009-07-13 20:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll
[2009-07-13 18:46] - [2009-07-13 20:41] - 0848384 ____A (Microsoft Corporation) 7F0C323FE3DA28AA4AA1BDA3F575707F

C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2009-07-13 18:49] - [2009-07-13 20:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Gamer does not find anything and I get a blank log file.

Edited by f0rgiven, 04 January 2012 - 07:21 PM.




